Hello William -
What you are describing below can be accomplished very easily by using a
Session Database. I have posted several responses to the list about this topic
over the last couple of days. Have a look at those and get back to me if you
have any other questions. Note that the session database operates on a global
basis for your installation - ie. it keeps track of all sessions on all NAS's.
hth
Hugh
On Fri, 21 Jul 2000, William Hernandez wrote:
> Hugh,
>
> The AuthByPolicy of ContinueUntilAccept clause was in the radius.cfg file
> from early attempts at setting up the cfg file. I have removed it.
>
> We want to accomplish checking of simultaneous use across all of our NAS'S.
>
> All of our users have an UNIX login entry in /etc/passwd|shadow. Our users
> can select options that allow simultaneous use. In this case the user will
> also have an entry in /etc/raddb/users.
>
> For example,
> toledo-carazo.com Auth-Type = "System", Simultaneous-Use = 2
> Service-Type = Framed-User,
> Framed-Protocol = MP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Ascend-Maximum-Channels = 2,
> Ascend-Idle-Limit = 1200
>
> herculespr.net Auth-Type = "System", Simultaneous-Use = 2
> Service-Type = Framed-User,
> Framed-Protocol = MP,
> Framed-IP-Address = 208.249.80.161,
> Framed-IP-Netmask = 255.255.255.248,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Ascend-Maximum-Channels = 2,
> NAS-Port-Type = ISDN-Sync,
> Ascend-Route-IP=Route-IP-Yes,
> Ascend-Idle-Limit = 0
>
> For the above users upto 2 users may simultaneously login into any of the 12
> NAS'S that are currently available. Simultaneous use is not per NAS, i.e.,
> simultaneous use must be checked for on all 12 of the NAS'S.
>
> Thanks for your help,
> William
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 20, 2000 3:48 AM
> To: William Hernandez; Radiator
> Subject: RE: (RADIATOR) Simultaneous-use in 2.15
>
>
>
> Hello William -
>
> Thanks for sending the log file.
>
> The log shows that the user is indeed being rejected by the first AuthBy
> clause, but your configuration file has an AuthByPolicy of
> ContinueUntilAccept,
> so it goes on to the next AuthBy clause which then accepts the user.
> Radiator
> is doing exactly what it has been configured to do.
>
> I think you will need to explain what it is you are trying to accomplish so
> I
> can make some sensible suggestions.
>
> regards
>
> Hugh
>
>
> On Thu, 20 Jul 2000, William Hernandez wrote:
> >
> > Hugh,
> >
> > I've attached an excerpt from our radius.log file.
> >
> > The use "hmcalixto" was already logged in on max3 at
> > Wed Jul 19 12:11:59 2000: Login OK: [hmcalixto] (max3)
> >
> > Thanks in advance.
> > William
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 18, 2000 7:32 PM
> > To: William Hernandez; Radiator
> > Subject: Re: (RADIATOR) Simultaneous-use in 2.15
> >
> >
> >
> > Hello William -
> >
> > I will need to see a trace 4 debug as well as what you have sent this
> time.
> >
> > thanks
> >
> > Hugh
> >
> > On Wed, 19 Jul 2000, William Hernandez wrote:
> > >
> > > Hello everyone,
> > >
> > > I'm having problems getting the simultaneous-use check item to work.
> I've
> > > tried using the internal SessionDatabase and an external SessionDatabase
> > > (using mysql), but Radiator doesn't report a rejection on a second login
> > > session either way.
> > >
> > > I've attached my radius.cfg.
> > >
> > > Some sample entries from my users file are:
> > >
> > > company1.com Auth-Type = "System"
> > > Service-Type = Framed-User,
> > > Framed-Protocol = MP,
> > > Framed-IP-Address = 208.249.79.226,
> > > Framed-IP-Netmask = 255.255.255.255,
> > > Framed-Compression = Van-Jacobson-TCP-IP,
> > > Ascend-Maximum-Channels = 2,
> > > NAS-Port-Type = ISDN-Sync,
> > > Ascend-Route-IP=Route-IP-Yes,
> > > Ascend-Idle-Limit = 0
> > >
> > > company2.com Auth-Type = "System"
> > > Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-IP-Address = 208.249.79.227,
> > > Framed-IP-Netmask = 255.255.255.255,
> > > Framed-Compression = Van-Jacobson-TCP-IP,
> > > Ascend-Idle-Limit = 0
> > >
> > > DEFAULT Hint="LOCAL", Auth-Type = "System", Simultaneous-Use = 1
> > > Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-IP-Netmask = 255.255.255.255,
> > > Framed-Compression = Van-Jacobson-TCP-IP,
> > > Ascend-Idle-Limit = 900
> > >
> > > DEFAULT Auth-Type = "System", Simultaneous-Use = 1
> > > Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-IP-Netmask = 255.255.255.255,
> > > Framed-Compression = Van-Jacobson-TCP-IP,
> > > Ascend-Idle-Limit = 900
> > >
> > > Thanks in advance.
> > >
> > > William Hernández
> > >
> >
> > ----------------------------------------
> > Content-Type: application/octet-stream; name="radius.cfg"
> > Content-Transfer-Encoding: 7bit
> > Content-Description:
> > ----------------------------------------
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> >
> >
> >
>
> ----------------------------------------
> Content-Type: application/octet-stream; name="radius.log"
> Content-Transfer-Encoding: quoted-printable
> Content-Description:
> ----------------------------------------
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
