(RADIATOR) AuthBy RADIUS and DefaultSimultaneousUse

Hugh Irvine hugh at open.com.au
Wed Nov 16 19:50:05 CST 2005 

Hello Toomas -

You could also use an AuthBy INTERNAL for this purpose:

<AuthBy INTERNAL>
         Identifier SessionCount
         DefaultResult IGNORE
         DefaultSimultaneousUse 1
</AuthBy>

regards

Hugh


On 16 Nov 2005, at 22:29, Toomas Kärner wrote:

> I found a workaround already like this:
> Added another AuthBy into realm clause:
> .
> .
> AuthBy SessionCount
> .
> .
> And this this AuthBy looks like this:
> <AuthBy SQL>
>         Identifier SessionCount
>         DBSource        x
>         DBUsername      x
>         DBAuth          x
>
>         AuthSelect      select null
>         AuthColumnDef   0,      bogus,reply
>
>         NoDefault
>         DefaultSimultaneousUse 1
> </AuthBy>
> Rgds.
> Toomas
>
> ----- Original Message -----
> From: "Toomas Kärner" <tomkar at estpak.ee>
> To: <radiator at open.com.au>
> Sent: Wednesday, November 16, 2005 12:42 PM
> Subject: (RADIATOR) AuthBy RADIUS and DefaultSimultaneousUse
>
>
>> Hi,
>>
>> Am I wrong or is this right that AuthBy RADIUS does not support using
>> Default SimultaneousUse keyword based on local SessionDB?
>> conf:
>> <AuthBy RADIUS>
>>         IgnoreAccounting
>>         Synchronous
>>         <Host x>
>>                         AuthPort x
>>             AcctPort
>>             Retries 0
>>             RetryTimeout 2
>>         </Host>
>>         AllowInReply    Reply-Message,Session-Timeout
>>         AllowInRequest  User-Name,User-Password
>>         DefaultSimultaneousUse 1
>> </AuthBy>
>> Results in log:
>> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
>> *** Received from x ....
>> Code:       Access-Request
>> Identifier: 147
>> Authentic:  <233><163>H0<170>I<194>({J7<141><10>p<6><150>
>> Attributes:
>>         Service-Type = Login-User
>>         User-Name = "user"
>>         User-Password = x
>>         NAS-IP-Address = x
>>         NAS-Port = 0
>>
>> Wed Nov 16 10:28:19 2005: DEBUG: Rewrote user name to user
>> Wed Nov 16 10:28:19 2005: DEBUG: PortalPreHandlerHook Executed
>>
>> Wed Nov 16 10:28:19 2005: DEBUG: Handling request with Handler  
>> 'Realm=x'
>> Wed Nov 16 10:28:19 2005: DEBUG: SessDBWireless Deleting session  
>> for user,
>> x, 0
>> Wed Nov 16 10:28:19 2005: DEBUG: do query is: delete from  
>> wnsession where
>> username = 'user' and framed_ip is null
>> some other stuff in between
>> Wed Nov 16 10:28:19 2005: DEBUG: Handling with Radius::AuthRADIUS
>> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
>> *** Sending to x port x ....
>> Code:       Access-Request
>> Identifier: 1
>> Authentic:  <233><163>H0<170>I<194>({J7<141><10>p<6><150>
>> Attributes:
>>         User-Name = "user"
>>         User-Password = "x"
>>
>> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
>> *** Received from x port x ....
>> Code:       Access-Accept
>> Identifier: 1
>> Authentic:  /6<14>}<178>J`<236><<184><131><5>E<163>;<243>
>> Attributes:
>>
>> Wed Nov 16 10:28:19 2005: DEBUG: Received reply in AuthRADIUS for  
>> req 1
> from
>> x:x
>> Wed Nov 16 10:28:19 2005: DEBUG: ReplyHook executed!
>> Wed Nov 16 10:28:19 2005: DEBUG: Handling with Radius::AuthSQL
>> Wed Nov 16 10:28:19 2005: DEBUG: do query is: delete from  
>> wnsession where
>> mac_address='xxx' and ...
>> Wed Nov 16 10:28:19 2005: DEBUG: PostAuthHook Executed
>> Wed Nov 16 10:28:19 2005: DEBUG: Access accepted for user
>> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
>> *** Sending to x port x ....
>> Code:       Access-Accept
>> Identifier: 147
>> Authentic:  <233><163>H0<170>I<194>({J7<141><10>p<6><150>
>> Attributes:
>> xxx
>>
>> I cave only the part that plays any role in this authentication. I'd
>> probably find a way to make it happen anyway but I want make sure  
>> it there
>> is no way to make it with DefaultSimultaneousUse. Radiator  
>> version: 3.5
>> Rgds.
>> Toomas
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list