Re: Non-Simultaneous Usage
Joshua Corbin <[EMAIL PROTECTED]> wrote: > Have that working, I even have my op field set to :=3D instead of null > (I've been following the list for a while now :), maybe you should > document that better as that was causing the weird behavior that I had > posted earlier about). Any suggestions? To be honest, I'm confused about the confusion people have with the 'op' field. The standard 'users' file and other examples show attributes, values, and operators. The SQL schema contains attribute, value, and something called 'op'. It would seem logical that IF you want SQL to do the same thing as the 'users' file, you would need to fill in each field... Part of the problem is that the schema SHOULD be 'attribute op value', not 'attribute value op'. I'd like to see that changed before 1.0... > > Step 2: Using the 'users' file, get Simultaneous-Use working > > in a test environment. If you don't have a test > > environment, make one now. > Hmm, not too sure how easy that's going to be as we don't have a spare > server to test on ... then make one now. Do you really want to test new configurations for the first time on a live system? Unless you like jumping out of airplanes without a parachute, the answer is "No." Set up a test system. Use 'tcpdump', or something similar to grab packets off of your live system, and use those for testing. Use 'radclient' to create new packets, and verify that the response is what you want. If you're not doing that, you'll have a whole lot of angry customers when you new configuration doesn't do what you expect, and kicks off 2000 users. > > Simultaneous-Use requires 'online' accounting information to be > > stored somewhere. For 0.7, this means 'radutmp'. So without using > > the 'radutmp' module, you'll have a hard time getting Simultaneous-Use > > to work. > Must I use radutmp? Why not sql accounting? No. The accounting is different from session maintenance. Accounting is long-term storage of what happened. The session database maintains a list of who is on now, and when they log off, throws that information away. I don't recall if SQL sessions are supported completely in 0.7. I do know they're in the CVS head. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Non-Simultaneous Usage
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:freeradius-users-admin@;lists.cistron.nl]On Behalf Of Joshua > Corbin > Sent: Monday, October 28, 2002 7:33 PM > To: FreeRadius List > Subject: Re: Non-Simultaneous Usage > > > > I would suggest doing that in three steps. Most people try to > > configure 2-4 things at the same time, and then never get it working. > > Step 1: get MySQL working to your satisfaction. > Have that working, I even have my op field set to := instead of null > (I've been following the list for a while now :), maybe you should > document that better as that was causing the weird behavior that I had > posted earlier about). > > > Step 2: Using the 'users' file, get Simultaneous-Use working > > in a test environment. If you don't have a test > > environment, make one now. > Hmm, not too sure how easy that's going to be as we don't have a spare > server to test on, maybe I'll get back into UML. Also the reason we use > freeradius is specifically so that we don't have to use a users file > anymore (Livinston/Cistron burn). Single server test environment - build a second raddb directory such as '/usr/local/etc/raddb_test'. Configure it to use different ports and a different MySql database (same MySql instance). You can test all day long in this mode and never screw up the in-service system. When you get it all working, just copy the appropriate RADDB and MySQL data (changing the port and database name back) and you are set to go. Of course this does require a second NAS...but if you can only get at this at 2 am then this must be a mission critical system for which you have a spare, right? You might even be able to get around this by setting up a test realm - but I don't know if simultaneous use works with proxy, although it seems like it should. > > > Step 3: move the simultaneous use configuration to the SQL database. > I'll probably jump to this step, my test environment will have to be the > real server at say about 2 am in the morning :) > > > > Simultaneous-Use requires 'online' accounting information to be > > stored somewhere. For 0.7, this means 'radutmp'. So without using > > the 'radutmp' module, you'll have a hard time getting Simultaneous-Use > > to work. > Must I use radutmp? Why not sql accounting? > > Joshua Corbin > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Non-Simultaneous Usage
> I would suggest doing that in three steps. Most people try to > configure 2-4 things at the same time, and then never get it working. > Step 1: get MySQL working to your satisfaction. Have that working, I even have my op field set to := instead of null (I've been following the list for a while now :), maybe you should document that better as that was causing the weird behavior that I had posted earlier about). > Step 2: Using the 'users' file, get Simultaneous-Use working > in a test environment. If you don't have a test > environment, make one now. Hmm, not too sure how easy that's going to be as we don't have a spare server to test on, maybe I'll get back into UML. Also the reason we use freeradius is specifically so that we don't have to use a users file anymore (Livinston/Cistron burn). > Step 3: move the simultaneous use configuration to the SQL database. I'll probably jump to this step, my test environment will have to be the real server at say about 2 am in the morning :) > > Simultaneous-Use requires 'online' accounting information to be > stored somewhere. For 0.7, this means 'radutmp'. So without using > the 'radutmp' module, you'll have a hard time getting Simultaneous-Use > to work. Must I use radutmp? Why not sql accounting? Joshua Corbin signature.asc Description: This is a digitally signed message part
Re: Non-Simultaneous Usage
Joshua Corbin <[EMAIL PROTECTED]> wrote: > Can someone point show me how I need to setup FreeRadius 0.7 w/ MySQL so > that there is no simultaneous use? I would suggest doing that in three steps. Most people try to configure 2-4 things at the same time, and then never get it working. Step 1: get MySQL working to your satisfaction. Step 2: Using the 'users' file, get Simultaneous-Use working in a test environment. If you don't have a test environment, make one now. Step 3: move the simultaneous use configuration to the SQL database. Simultaneous-Use requires 'online' accounting information to be stored somewhere. For 0.7, this means 'radutmp'. So without using the 'radutmp' module, you'll have a hard time getting Simultaneous-Use to work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Non-Simultaneous Usage
Have you guys tried here: http://www.freeradius.org/radiusd/doc/Simultaneous-Use Gene Parks VIP Direct - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Non-Simultaneous Usage
Dear Joshua, you are not alone about this ... I am trying to get the same ... I can not get any advise yet .. :-) Regards, Jorge. JC> Greetings, JC> Can someone point show me how I need to setup FreeRadius 0.7 w/ MySQL so JC> that there is no simultaneous use? I.E. I only want users to be able to JC> connect once with their account. I've tried looking many place for JC> documentation, and short of the O'Reilly Book, I am unable to find JC> anything. JC> Thanks, JC> Joshua Corbin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html