
Re: [Radiusplugin-users] Hello "duplication User connected,


From: Steffen Weinreich
Subject: Re: [Radiusplugin-users] Hello "duplication User connected,
Date: Tue, 29 Jun 2010 21:30:49 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5

On 29.06.2010 19:45, Ralf Lübben wrote:

Hmmm, from my experience with the Radius Authorization and Accounting,
it could be difficult to implement a Session Limit per User.

The main issue is that on a reconnect/reauth you have an overlapping time
where the old session is not closed and the new session is already
connecting, therefore the first reconnect/reauth will always fail if you
limit the session count to 1.

We have solved this by assigning a static IP to each connecting user, it
works for our case but your mileage will vary.

cheerio
   Steve

> Maybe it is 
>
> simul_count_query = "SELECT COUNT(*) \
>                               FROM ${acct_table1} \
>                               WHERE username = '%{SQL-User-Name}' \
>                               AND acctstoptime IS NULL \
>                               AND acctsessionid != '%{Acct-Session-Id}' "
>
>
>
> On Tuesday, 29 June 2010, at 16:17:45, sekchel lee wrote:
>   
>> Dear Ralf Lübben, thank you very much
>>
>> mysql.log
>>
>> 100628  0:47:46 [Warning] option 'max_join_size': unsigned value
>> 18446744073709551615 adjusted to 4294967295
>> 100628  0:47:46 [Warning] option 'max_join_size': unsigned value
>> 18446744073709551615 adjusted to 4294967295
>> 100628  0:47:46  InnoDB: Started; log sequence number 0 43655
>> 100628  0:47:47 [Note] /usr/libexec/mysqld: ready for connections.
>> Version: '5.0.77'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source
>> distribution
>>
>>
>>  openv-vpn-server.conf
>>
>> reneg-sec 60   ==> (Used  limit time for user)
>>
>> ----
>> ---- duplication user limit
>> ----
>> session  ==> sql
>>
>> sql.conf
>> simul_count_query = "SELECT COUNT(*) \
>>                              FROM ${acct_table1} \
>>                              WHERE username = '%{SQL-User-Name}' \
>>                              AND acctstoptime IS NULL \
>>                              AND acctsessionid != '%{SQL-Session-Id}'"
>>
>> test user connect
>>
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> WARNING: Attempt to use unknown xlat function, or non-existent attribute in
>> string %{SQL-Session-Id}
>> radius_xlat:  'SELECT COUNT(*)                              FROM
>> radacct                              WHERE
>> UserName='test'                              AND AcctStopTime IS
>> NULL                              AND acctsessionid != '''
>>
>>
>> 1 minute......................
>>
>> renegotiation .......
>>
>> openvpn.log
>>
>> Tue Jun 29 22:57:59 2010 test/2xx.xx.1xx.252:1444 TLS: soft reset sec=0
>> bytes=15510/0 pkts=130/0
>> Tue Jun 29 22:57:59 2010 RADIUS-PLUGIN: FOREGROUND THREAD:
>> isAuthenticated()1Tue Jun 29 22:57:59 2010 RADIUS-PLUGIN: FOREGROUND
>> THREAD: isAcct()1Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: Got no response
>> from radius server.
>> Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Error ar
>> rekeying!
>> Tue Jun 29 22:58:00 2010 Error: RADIUS-PLUGIN: BACKGROUND  AUTH: Auth
>> failed!.
>> Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Error receiving
>> auth confirmation from background process.
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 PLUGIN_CALL: POST
>> /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 PLUGIN_CALL: plugin
>> function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1:
>> /etc/openvpn/radiusplugin.so
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 TLS Auth Error: Auth
>> Username/Password verification failed for peer
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 Control Channel: TLSv1,
>> cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
>>
>> radiusd -X.........................
>>
>> rlm_sql (sql): Reserving sql socket id: 0
>> radius_xlat:  'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat:  'BEGIN'
>> radius_xlat:  'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat:  'UPDATE radippool   SET NASIPAddress = '', pool_key = 0,
>> CallingStationId = '',   expiry_time = NOW() - INTERVAL 1 SECOND   WHERE
>> NASIPAddress = '127.0.0.1'   AND pool_key = '1'   AND UserName = 'test'
>> AND CallingStationId = '2xx.8x.1xx.252'   AND FramedIPAddress =
>> '1xx.1xx.1xx.93''
>> radius_xlat:  'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat:  'COMMIT'
>> rlm_sql (sql): Released sql socket id: 0
>>   modcall[accounting]: module "sqlippool" returns ok for request 5
>> radius_xlat:  'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat:  '           UPDATE radacct SET              AcctStopTime
>> = '2010-06-28 15:31:42',              AcctSessionTime    =
>> '61',              AcctInputOctets    = '0' << 32
>>
>> |                                   '8056',              AcctOutputOctets
>>
>> = '0' << 32 |                                   '4782',
>> AcctTerminateCause = '',              AcctStopDelay      = '0',
>> ConnectInfo_stop   = ''           WHERE AcctSessionId   =
>> '59014A407775C975B63498451AD111B4'           AND UserName          =
>> 'test'           AND NASIPAddress      = '127.0.0.1''
>> rlm_sql (sql): Reserving sql socket id: 3
>> rlm_sql (sql): Released sql socket id: 3
>>   modcall[accounting]: module "sql" returns ok for request 5
>> modcall: leaving group accounting (returns ok) for request 5
>> Sending Accounting-Response of id 171 to 127.0.0.1 port 43491
>> Finished request 5
>> Going to the next request
>> Sending Access-Reject of id 24 to 127.0.0.1 port 52948
>>         Reply-Message := "\r\nYou are already logged in - access
>> denied\r\n\n"
>>     
>
>   
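The following is an added example, not part of any message in this thread and not code from radiusplugin or FreeRADIUS. It replays the quoted `simul_count_query` against an in-memory SQLite table to show the four cases the thread touches: a reauth where the session-id placeholder expands to an empty string (as in the `radius_xlat` output above), a reauth that excludes its own session id, a reconnect that overlaps the still-open old session, and a reconnect after the stop record has arrived. The reduced `radacct` schema, the session ids `SID-A`/`SID-B`, the helper names, and the rule "reject when the count reaches the limit" are assumptions made for the illustration; it also assumes the reauth request carries the same session id as the open accounting row.

```python
import sqlite3

# The count query from the thread, with bound parameters in place of the
# %{SQL-User-Name} and session-id expansions.
COUNT_SQL = ("SELECT COUNT(*) FROM radacct WHERE username = ? "
             "AND acctstoptime IS NULL AND acctsessionid != ?")

def make_db():
    # Reduced radacct table (assumption: only the columns the query needs).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (acctsessionid TEXT, username TEXT, "
               "acctstarttime TEXT, acctstoptime TEXT)")
    return db

def start_session(db, user, sid, when):
    # Accounting-Start: open row, acctstoptime is NULL.
    db.execute("INSERT INTO radacct VALUES (?, ?, ?, NULL)", (sid, user, when))

def stop_session(db, user, sid, when):
    # Accounting-Stop: close the row.
    db.execute("UPDATE radacct SET acctstoptime = ? "
               "WHERE acctsessionid = ? AND username = ?", (when, sid, user))

def simul_check(db, user, session_id, limit=1):
    # Modelled decision (assumption): reject once the number of *other*
    # open sessions for the user reaches the limit.
    (count,) = db.execute(COUNT_SQL, (user, session_id)).fetchone()
    return ("reject" if count >= limit else "accept", count)

def demo():
    db = make_db()
    start_session(db, "test", "SID-A", "2010-06-28 15:30:41")  # constructed row
    results = {}
    # Reauth at renegotiation, placeholder expanded to '' (unknown attribute):
    # the user's own open session is counted against them.
    results["reauth_empty_id"] = simul_check(db, "test", "")
    # Reauth with the session's own id excluded from the count.
    results["reauth_own_id"] = simul_check(db, "test", "SID-A")
    # Reconnect with a new id while the old row is still open (the overlap).
    results["reconnect_overlap"] = simul_check(db, "test", "SID-B")
    # Same reconnect once the stop record has closed the old row.
    stop_session(db, "test", "SID-A", "2010-06-28 15:31:42")
    results["reconnect_after_stop"] = simul_check(db, "test", "SID-B")
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Excluding the session's own id only helps the reauth case; the reconnect overlap is still rejected until the old row is closed.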



