Re: update session database in Authorization
On Wed, Feb 17, 2010 at 12:19 AM, Houssam Melhem hmel...@gmail.com wrote: How can we prevent multiple login in this situation? shall we think in adding a record to the session database in authorization section? In normal situation, acct-capable NAS send acct-start immediately after it receives access-accept, so there should be no need for you to do that manually. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update session database in Authorization
Hello, You are right, I have this problem with Pheenet Access point and Nomadix AG, for cisco NAS I have no problem If I need to fix this issue what is the recommended solution to fix this issue? If I modify the authorize section to save sessions does it break Radius Protocol ? I am thinking in patching rlm_sql, what do you think? Thanks, Houssam On Wed, Feb 17, 2010 at 12:19 AM, Fajar A. Nugraha fa...@fajar.net wrote: On Wed, Feb 17, 2010 at 12:19 AM, Houssam Melhem hmel...@gmail.com wrote: How can we prevent multiple login in this situation? shall we think in adding a record to the session database in authorization section? In normal situation, acct-capable NAS send acct-start immediately after it receives access-accept, so there should be no need for you to do that manually. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update session database in Authorization
On Wed, Feb 17, 2010 at 7:16 AM, Houssam Melhem hmel...@gmail.com wrote: Hello, You are right, I have this problem with Pheenet Access point and Nomadix AG, for cisco NAS I have no problem If I need to fix this issue what is the recommended solution to fix this issue? Well, I'd say you need to find root cause of problem first. Do they not send acct-start at all? Do they send it late? It's possible that they don't support acct at all (wireless AP used for 802.1x usually only use auth), so you'll have a hard time (if even possible) to limit simultaneus connections. If I modify the authorize section to save sessions does it break Radius Protocol ? It wouldn't be REAL accounting session. It'd be just some data you put there based on the information available during auth. You won't have enough information (like AcctSessionId) to create a real accounting entry. I am thinking in patching rlm_sql, what do you think? You can just use post-auth section, no need to patch the source code. See the example for Authentication Logging Queries. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html