(RADIATOR) AuthBy RADIUS and Session Database
hugh at open.com.au
Thu Jul 11 01:58:20 CDT 2002
Hello Tom -
Could you please send me a copy of your configurtation file (no secrets),
together with a trace 4 debug showing the two logins and a copy of the
relevant record from the session database.
BTW - the latest version is Radiator 3.1 and you should check the history file
to see if there have been any fixes in this area.
> I am running Radiator-2.18.4 on two boxes that are talking to a centrally
> located mySQL server that contains our Session Database. We are using
> ClientType TotalControlSNMP and AscendSNMP to query our NAS boxes.
> We are using these radius boxes as proxy servers for our Wholesales Dialup
> service offering, so we have many realms communicating back to many
> <AuthBy RADIUS> clauses. We are enforcing a DefaultSimultaneous 1 in the
> <AuthBy RADIUS> clause. Responses coming back from the Proxied Radius
> Servers do not include a Simultaneous-Use=1 statement. There is a
> Port-Limit=4 statement.
> Having said that, it is my belief that a user that is logged in, and shown
> in the session database, should not be permitted to log in. This is not
> the case here. The user recieves an access accept.
> A level 4 trace showed me that we do not do a SELECT against the Session
> Database or a SNMPGET to the NASes to see if the user is online. Is this
> the behavior of <AuthBy RADIUS>?
> Is there a way to fix this so simultaneous use will be enforced?
> Tom Daly
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator