AuthBy RADIUS and Session Database

tomdaly at metro2000.net tomdaly at metro2000.net
Tue Jun 24 01:20:26 CDT 2008 

Hi,
I am running Radiator-2.18.4 on two boxes that are talking to a centrally
located mySQL server that contains our Session Database. We are using
ClientType TotalControlSNMP and AscendSNMP to query our NAS boxes.

We are using these radius boxes as proxy servers for our Wholesales Dialup
service offering, so we have many realms communicating back to many
<AuthBy RADIUS> clauses. We are enforcing a DefaultSimultaneous 1 in the
<AuthBy RADIUS> clause. Responses coming back from the Proxied Radius
Servers do not include a Simultaneous-Use=1 statement. There is a
Port-Limit=4 statement.

Having said that, it is my belief that a user that is logged in, and shown
in the session database, should not be permitted to log in. This is not
the case here. The user recieves an access accept.

A level 4 trace showed me that we do not do a SELECT against the Session
Database or a SNMPGET to the NASes to see if the user is online. Is this
the behavior of <AuthBy RADIUS>?

Is there a way to fix this so simultaneous use will be enforced?
Suggestions?

Thanks,
Tom Daly

--
Tom Daly
Network Operations / Systems Administrator
G4 Communications Corp.
V: 603.296.4413 / F: 603.647.7576
E: tom at g4.net / W3: www.g4.net

-------------------------------------------------------

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list