Multiple logins on my Radius

RouterOS General
1

Morning

I was hoping someone could help me with something.
From one of my towers, and only one, i seem to have an issue with my radiusmanager machine.

with this particular tower i have an issue that the radius is not releasing the previous IPs for the client, in effect i thinks the clients that come in from that tower are connecting with multiple sessions. this only seems to be happening with one of my towers and none of the rest.

i have run several tests to try and find the issue:
I have tried restarting the radius
Restarted the tower.
tried logging the client off from the radius
tried having the client authenticate from the tower itself but the radius still thinks the client is logged in

nothing seems to remove those extra sessions

If anyone know what is going on, i would really appreciated it

2

Have you enabled radius logging in the suspect router?

/system logging
add topics=radius,debug action=memory

Then watch the log as clients log in and out. Maybe that will give you a clue.

3

thanks

I’ll look into that but first it seems i need the guys for radius manager to sort out my radius, there appears to be a few problem s with it. once those issue are sorted i’ll come back to this problem, at least then i won’t have that nagging voice in the back of my head

4

OK. I’ll set “Notify me” on this thread.

You did set the radius timeout to 2 seconds on that router, correct? It appears by the docs on radius manager it uses FreeRADIUS 2. That version uses a Access-Reject delay that will cause the radius server to timeout if the login fails.

/radius
print detail
set 0 timeout=2s

It may help radius manager tech support if you do the radius logging on that router, then send them the output.

5

yes, i have noticed that i left the timeout to 1 sec however this may have been part of the problem but i don’t think it is the actual one.
I have now moved those clients off of the radius and onto the tower until i can fix this issue but even though the clients are no longer connecting to the radius it still tells me they are online when it should be saying they are offline

6

Which is the “it” you are talking about? Do you mean the MT router is indicating the client is still logged in? Is that what you are seeing in the “/ip hotspot active” output?

Did you enable the radius debugging in “/system logging”?

7

sorry, i was referring to the radiusmanager. even though these clients from the problem tower are no longer authenticating from the radius, the radius still says they are connected through itself

8

Did you enable radius debug logging on the router?

Those are probably stale sessions. They do not clear up on their own. You need to check who is “logged in” with radwho and delete the stale sessions with radzap. From a command prompt on the radius server:

radwho
radzap -u username 127.0.0.1 radiussecret

add: Then you need to figure out why the logout messages from the router are not getting through to the radius server. Unless you enable radius debug logging, you are guessing.

9

I’ll do so, when i can. i am one man in my office and i’m constantly being shuffled from one problem to the next, currently i have taken those users off the radius and put the problem on the back burner till i can get back to the issue.

i’m marking this thread so that when i can i’ll go over what you have suggested and find this problem

thanks for the help :smiley:

10

Good deal! Then I’m going surfing! :smiley:

I’ll watch for the results.

11

howzit

Just thought i’d mention, the problem was sitting on the old radius server.

The new one does not appear to be having the same issue

thanks for the help

12

Hi Guru’s,


This topic helps me, but I still having some problems yet.

My trouble is. I have one user that don’t authenticate. On the “radwho” this user don’t shows logged, and on the radius log (syslog) shows “Multiple logins (max 1)”

I have run all commands that are explained on this topic, and here are the output os them:

radwho and radzap:

# radwho | grep -ir "paul@login"

→ Jump for the console again, and don’t show anything.

# radzap -u paul@login 127.0.0.1 mk-auth
radclient: Nothing to send.

syslog:

freeradius[19804]: Multiple logins (max 1) : [paul@login/pass] (from client RADIUS port 2147486372 cli 00:1C:BF:C6:1D:0E)

RB log output:

13:09:32 radius,debug new request 3f:2a30c code=Access-Request service=hotspot called-id=hotspot1 
13:09:32 radius,debug sending 3f:2a30c to 122.22.11.2:1812 
13:09:32 radius,debug,packet sending Access-Request with id 140 to 122.22.11.2:1812 
13:09:32 radius,debug,packet     Signature = 0x736d0dcd43cacbd63882c1a113e6a94c 
13:09:32 radius,debug,packet     NAS-Port-Type = 19 
13:09:32 radius,debug,packet     Calling-Station-Id = "00:1C:BF:C6:1D:0E" 
13:09:32 radius,debug,packet     Called-Station-Id = "hotspot1" 
13:09:32 radius,debug,packet     NAS-Port-Id = "wlan1" 
13:09:32 radius,debug,packet     User-Name = "paul@login" 
13:09:32 radius,debug,packet     NAS-Port = 2147486372 
13:09:32 radius,debug,packet     Acct-Session-Id = "80000aaa" 
13:09:32 radius,debug,packet     Framed-IP-Address = 172.17.35.13 
13:09:32 radius,debug,packet     MT-Host-IP = 172.17.35.13 
13:09:32 radius,debug,packet     User-Password = 0x6a6f616f766963746f72 
13:09:32 radius,debug,packet     Service-Type = 1 
13:09:32 radius,debug,packet     WISPr-Logoff-URL = "http://172.17.35.254/logout" 
13:09:32 radius,debug,packet     NAS-Identifier = "RADIUS-035" 
13:09:32 radius,debug,packet     NAS-IP-Address = 10.1.201.35 
13:09:33 radius,debug,packet received Access-Reject with id 140 from 122.22.11.2:1812 
13:09:33 radius,debug,packet     Signature = 0xddbcedbdc9b6135965db76b5aa7cbe55 
13:09:33 radius,debug,packet     Reply-Message = 0x0d0a596f752061726520616c72656164 
13:09:33 radius,debug,packet       79206c6f6767656420696e202d206163 
13:09:33 radius,debug,packet       636573732064656e6965640d0a0a 
13:09:33 radius,debug received reply for 3f:2a30c

This is the version of my FreeRADIUS server:

# freeradius -v
freeradius: FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57
Copyright (C) 1999-2010 The FreeRADIUS server project and contributors.

Anyone can help me, please?

Thanks!!