Can someone give me a hint on how to solve the following:
We are using a PPPoE server with FreeRADIUS authentication and we are using Simultaneous Use Checking. We are limiting the number of simultaneous connections to 1.
The problem is in a nonstandard situation, when the PPPoE server is restarted in a nonstandard way and open sessions stay on the radius. New connections are unauthorized because of the simultaneous-use checking. We must manually delete the open sessions. Is it possible to solve this automatically?
You must use checkrad to solve this problem.
FreeRADIUS checks the radwtmp table (or the SQL session table) first; if it finds a problem (simultaneous user), it then tries to verify it with checkrad.
If checkrad does not verify it (because of the reboot), it corrects the session log and allows the user.
devrim
You can find detailed info in the FreeRADIUS source.
freeradius-1.x.x/doc/Simultaneous-Use is your key file.
The implementation is explained in the following way (taken from the FreeRADIUS document):
IMPLEMENTATION
The server keeps a list of logged-in users in the /var/log/radutmp file. This is also called "the session database". When you execute "radwho", all that radwho really does is list the entries in this file in a pretty format. Only when someone tries to login who already has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session.
The script uses SNMP for Livingston Portmasters and Ciscos, finger for Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC.
Since the script has been written in perl, it's easy to adjust for any type of terminal server. There are implementations in the script for checks using SNMP, finger, and telnet, so it should be easy to add your own check routine if your terminal server is not supported yet.
You can find the script in the file src/checkrad.pl.
Additionally, you can use SQL for sessions. But in all cases you must use checkrad.
checkrad has telnet and SNMP options for MikroTik.
You can get more info from checkrad script.
(One more hint: do an SNMP get of ifDescr from the MikroTik; PPPoE tunnels appear in the interface section. So you can find out who is logged in this way.)
Thank you, it works fine. The only problem is that the checkrad.pl script is very ineffective because it must read all interfaces from the PPPoE server. Will MikroTik update its SNMP version to be able to find an interface by its name?
The radius client should send a start accounting when it boots up.
The radius server should delete all users that match the NAS sending the start accounting message.
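
An added example, not part of the thread or of FreeRADIUS: a small Python model of the two recovery paths discussed above, the checkrad-style verification on a simultaneous-use conflict and the clearing of all of a NAS's sessions when it reports a boot. The class, the probe callback and the sample data are constructed, and the boot message is assumed to be RFC 2866 Accounting-On (Acct-Status-Type 7).

```python
# Added illustration: in-memory model of a RADIUS session database with
# Simultaneous-Use = 1. All names and sample data here are constructed.

ACCT_START, ACCT_STOP, ACCT_ON = 1, 2, 7  # Acct-Status-Type values (RFC 2866)


class SessionDB:
    def __init__(self, nas_probe, limit=1):
        # nas_probe(nas, user) -> bool plays the role of checkrad: it asks
        # the NAS whether the user really has a live session there.
        self.nas_probe = nas_probe
        self.limit = limit
        self.sessions = set()  # (nas, user, session_id)

    def accounting(self, status, nas, user=None, session_id=None):
        if status == ACCT_START:
            self.sessions.add((nas, user, session_id))
        elif status == ACCT_STOP:
            self.sessions.discard((nas, user, session_id))
        elif status == ACCT_ON:
            # NAS has just booted: nothing it held before can still be live.
            self.sessions = {s for s in self.sessions if s[0] != nas}

    def authorize(self, user):
        recorded = [s for s in self.sessions if s[1] == user]
        if len(recorded) < self.limit:
            return True
        # Limit reached on paper: verify each record against the NAS and
        # drop the ones the NAS does not confirm (stale after a crash).
        for s in recorded:
            if not self.nas_probe(s[0], user):
                self.sessions.discard(s)
        live = [s for s in self.sessions if s[1] == user]
        return len(live) < self.limit


def demo():
    live_on_nas = {("pppoe1", "alice")}          # constructed NAS state
    db = SessionDB(lambda nas, user: (nas, user) in live_on_nas)
    db.accounting(ACCT_START, "pppoe1", "alice", "s1")
    db.accounting(ACCT_START, "pppoe1", "bob", "s2")
    first = db.authorize("alice")      # NAS confirms the session: rejected
    live_on_nas.clear()                # NAS crashes, no Stop records sent
    second = db.authorize("alice")     # probe fails, stale record removed
    db.accounting(ACCT_ON, "pppoe1")   # boot message clears bob as well
    return first, second, len(db.sessions)
```

The per-login probe only repairs the record of the user who is trying to log in; the boot-time clear removes every stale record for that NAS in one step without querying interfaces.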