Currently I am trying to set up the Simultaneous-Use := 1 functionality to limit users to one session. I currently am trying to do it where it just queries the SQL session database in the radacct table. I have uncommented the following sql entries in the sections from /etc/freeradius/3.0/sites-enabled/default
Code:
accounting {
    sql
}
session {
    sql
}
I also uncommented the simul_count_query in /etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf
Code:
simul_count_query = "\
SELECT COUNT(*) \
FROM ${acct_table1} \
WHERE username = '%{SQL-User-Name}' \
AND acctstoptime IS NULL"
Code:
root@radius:/# radtest 00:50:79:66:68:04 Accept 127.0.0.1 1812 testing123
Sent Access-Request Id 60 from 0.0.0.0:44564 to 127.0.0.1:1812 length 87
User-Name = "00:50:79:66:68:04"
User-Password = "Accept"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "Accept"
Received Access-Reject Id 60 from 127.0.0.1:1812 to 127.0.0.1:44564 length 63
Reply-Message = "You are already logged in - access denied"
(0) -: Expected Access-Accept got Access-Reject
The problem is coming in, however, when I try to connect to the radius server with a VPC and a Mikrotik router in GNS3 that are configured with the same MAC address. The user info is set up via MAC authorization, so they both are requesting with the same User-Name = '00:50:79:66:68:04'. I can have one connect fine and it receives an IP address, and when I try to connect with the second device, instead of getting rejected from the Simultaneous-Use := 1 check attribute like the radtest, it connects and receives an IP address. I now have two devices that are assigned the same IP. I have determined that part of the problem is that when the second device sends its request it is not an Access-Request. Below are the request entries from the freeradius -X (debugging) output.
Code:
(0) Received Access-Request Id 145 from 100.x.x.x:46068 to 100.x.x.y:1812 length 207
(1) Received Accounting-Request Id 146 from 100.x.x.x:54130 to 100.x.x.y:1813 length 229
(2) Received Accounting-Request Id 147 from 100.x.x.x:34431 to 100.x.x.y:1813 length 235
(3) Received Accounting-Request Id 148 from 100.x.x.x:44071 to 100.x.x.y:1813 length 229
Attached I have the full outputs of my Freeradius -X debugging.
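Added example, not part of the original post or of FreeRADIUS: the session check only runs while an Access-Request is processed, so sessions that arrive purely as Accounting-Requests still land in radacct unchecked. This Python sketch runs the simul_count_query predicate and an audit query over constructed rows in an in-memory SQLite table whose columns are assumed to follow the stock radacct schema; build_db, simul_count and over_limit are hypothetical names.

```python
import sqlite3

# SQLite stand-in for radacct so the example runs offline; column names
# follow the stock FreeRADIUS schema (assumed to match the poster's).
SCHEMA = """CREATE TABLE radacct (
    radacctid INTEGER PRIMARY KEY, acctsessionid TEXT, username TEXT,
    framedipaddress TEXT, acctstarttime TEXT, acctstoptime TEXT)"""

# Constructed sample rows: two open sessions for one MAC user name sharing
# one address, an older closed session, and an unrelated user.
ROWS = [
    ("s0", "00:50:79:66:68:04", "10.0.0.5", "2024-01-01 09:00:00", "2024-01-01 09:30:00"),
    ("s1", "00:50:79:66:68:04", "10.0.0.5", "2024-01-01 10:00:00", None),
    ("s2", "00:50:79:66:68:04", "10.0.0.5", "2024-01-01 10:05:00", None),
    ("s3", "00:50:79:66:68:99", "10.0.0.6", "2024-01-01 10:01:00", None),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO radacct (acctsessionid, username, framedipaddress,"
        " acctstarttime, acctstoptime) VALUES (?, ?, ?, ?, ?)", ROWS)
    return db

def simul_count(db, username):
    """Same predicate as simul_count_query, with a bound parameter."""
    sql = ("SELECT COUNT(*) FROM radacct"
           " WHERE username = ? AND acctstoptime IS NULL")
    return db.execute(sql, (username,)).fetchone()[0]

def over_limit(db, limit=1):
    """Audit: (username, open sessions, distinct addresses) above the limit."""
    sql = ("SELECT username, COUNT(*), COUNT(DISTINCT framedipaddress)"
           " FROM radacct WHERE acctstoptime IS NULL"
           " GROUP BY username HAVING COUNT(*) > ? ORDER BY username")
    return db.execute(sql, (limit,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    for user, sessions, addrs in over_limit(db):
        print(f"{user}: {sessions} open sessions on {addrs} address(es)")
```

A user name reported with more open sessions than distinct addresses matches the symptom described in the post, two devices holding the same IP.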