(RADIATOR) Re: How does SessionDatabase SQL identify different connections?

[Hugh Irvine]

Hello Mario -

The control of simultaneous sessions depends on having accurate 
information in the radius requests to uniquely identify each session.

Radiator's session database uses the NAS-IP-Address and NAS-Port 
attributes to uniquely identifiy sessions, therefore it follows that if 
these attributes do not uniquely identify sessions then you have a 
problem. Radiator attempts to be self-healing when dealing with the 
session database by doing a delete for any access request using the 
NAS-IP-Address and NAS-Port contained in the request. This is because 
we may have missed a stop record and hence have a "stale" session.

You will need to do some experiments using different attributes in the 
SQL queries for the SessionDatabase SQL clause.

See section 6.7 in the Radiator 3.7.1 reference manual ("doc/ref.html").

regards

Hugh


On 22/12/2003, at 12:24 PM, Mario Lopez wrote:

> Hi Hugh,
>
> I have bying trying to make work concurrent session control with 
> MaxSessions
> using SessionDatabase SQL.
>
> The problem I think is that radiator uses NAS_IP_Address and NAS_Port 
> to
> identify different connections, am I wrong?. I mean, if he sees an Auth
> Request from same NAS IP Addres and NAS Port as the one he has 
> previously in
> session database it considers it the same connection and it replaces 
> the old
> record in database for the new one. Is this correct?.
>
> My problem is that my NAS (Gemtek Systems G6000) always uses same NAS 
> IP
> Address and NAS Port (port 0 by the way) and by that issue I always 
> see one
> connection independtly wich user is connected.
>
> How could I modify this behaviour?, I have checked SessSQL.pm and I can
> modify any of the SQL queries but I have noticed that every time a user
> tries to log in I see a delete session ordered from radiator I guess 
> this
> has to do with radiator thinking that it is the same user that it is 
> already
> logged in, is the code that makes the decision on substituting or 
> adding
> record available?
>
> Thanks :)
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.