I have MT and an external FreeRADIUS server. RADIUS users are working fine, but the problem is that RADIUS users are able to authenticate multiple times. We want to allow a user one-time use; if he tries the same credentials a second time, RADIUS should not allow him. I have also checked the Session-Timeout attribute, but users are able to log in again. Please advise.
This is a function of the RADIUS server, not the Mikrotik.
You should search for information on how to implement OTP in FreeRADIUS as such solutions are out there.
You may also look into using the post-auth phase of the FreeRADIUS server’s configuration - create a script that disables a user if they’re in a group of one-time-only logins, and execute that in the post-auth block.
Thank you for your reply. I understand that this is a function of the RADIUS server. I have not understood your FreeRADIUS suggestion. Can you please elaborate on it? Your help will be highly appreciated.
It’s been at least 5 years since I’ve been down in the gears of FreeRadius - so I only have some vague recollections, but basically there’s a section in the configuration where you define the actions for preauth, auth, postauth. I think you have to define it as an action/module/something-or-other in one place, and activate it in the postauth, but the general idea is:
Make a shell script that disables an account when you run the script. When you can run the script by hand and successfully deactivate accounts, then put a call to your script into FreeRadius at the right place. I wish I could say that the FreeRadius docs/community were as helpful as the Mikrotik community, but I can’t say that… (unless things have changed a lot in the past few years)
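An added example, not part of the original posts and not FreeRADIUS's own code: a sketch of the kind of script the last reply describes, one that can be run by hand first and disables a one-time-only account after its first login. Assumptions: the one-time group is a plain text file, the disabled state is a marker directory per user, and all paths and function names are hypothetical; how the server calls the script and consults the marker depends on your FreeRADIUS configuration.

```shell
#!/bin/sh
# Assumed layout (hypothetical): ONCE_LIST has one one-time-only username per
# line; USED_DIR holds one marker directory per account that has been consumed.
ONCE_LIST="${ONCE_LIST:-/tmp/once-demo/once_users.txt}"
USED_DIR="${USED_DIR:-/tmp/once-demo/used}"

# Accept only a conservative username alphabet so the value handed over by the
# RADIUS server can never act as a path ("../x", "a/b") or as an option.
valid_user() {
    case "$1" in
        ""|.*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# True if the user is in the one-time-only group (fixed-string, whole-line match).
is_once_user() {
    [ -f "$ONCE_LIST" ] && grep -Fxq -- "$1" "$ONCE_LIST"
}

# Return codes: 0 = first use recorded, or user is not one-time-only
#               1 = account already consumed (or state could not be written)
#               2 = invalid username
consume_login() {
    valid_user "$1" || return 2
    is_once_user "$1" || return 0
    mkdir -p "$USED_DIR" || return 1          # fail closed if state is unwritable
    # mkdir without -p is atomic: of two simultaneous logins only one succeeds,
    # so a race between two sessions cannot yield two "first" uses.
    if mkdir "$USED_DIR/$1" 2>/dev/null; then
        date -u +%Y-%m-%dT%H:%M:%SZ > "$USED_DIR/$1/first_use"
        return 0
    fi
    return 1
}

# Manual run, as the reply suggests doing before wiring it into the server:
#   ./once.sh alice; echo $?
if [ "$#" -gt 0 ]; then
    consume_login "$1"
fi
```
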