Re: [Radiusplugin-users] Hello "duplication User connected,
From: Steffen Weinreich
Subject: Re: [Radiusplugin-users] Hello "duplication User connected,
Date: Tue, 29 Jun 2010 21:30:49 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5
On 29.06.2010 19:45, Ralf Lübben wrote:
Hmmm, from my experience with the RADIUS Authorization and Accounting,
it could be difficult to implement a Session Limit per User.
The main issue is that on a reconnect/reauth you have an overlapping time
where the old session is not closed and the new session is already
connecting, therefore the first reconnect/reauth will always fail if you
limit the session count to 1.
We have solved this by assigning a static IP to each connecting user; it
works for our case but your mileage will vary.
cheerio
Steve
> Maybe it is
>
> simul_count_query = "SELECT COUNT(*) \
> FROM ${acct_table1} \
> WHERE username = '%{SQL-User-Name}' \
> AND acctstoptime IS NULL \
> AND acctsessionid != '%{Acct-Session-Id}' "
>
>
>
> On Tuesday, 29 June 2010, at 16:17:45, sekchel lee wrote:
>
>> Dear Ralf Lübben, thank you very much
>>
>> mysql.log
>>
>> 100628 0:47:46 [Warning] option 'max_join_size': unsigned value
>> 18446744073709551615 adjusted to 4294967295
>> 100628 0:47:46 [Warning] option 'max_join_size': unsigned value
>> 18446744073709551615 adjusted to 4294967295
>> 100628 0:47:46 InnoDB: Started; log sequence number 0 43655
>> 100628 0:47:47 [Note] /usr/libexec/mysqld: ready for connections.
>> Version: '5.0.77' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source
>> distribution
>>
>>
>> openv-vpn-server.conf
>>
>> reneg-sec 60 ==> (Used limit time for user)
>>
>> ----
>> ---- duplication user limit
>> ----
>> session ==> sql
>>
>> sql.conf
>> simul_count_query = "SELECT COUNT(*) \
>> FROM ${acct_table1} \
>> WHERE username = '%{SQL-User-Name}' \
>> AND acctstoptime IS NULL \
>> AND acctsessionid != '%{SQL-Session-Id}'"
>>
>> test user connect
>>
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> WARNING: Attempt to use unknown xlat function, or non-existent attribute in
>> string %{SQL-Session-Id}
>> radius_xlat: 'SELECT COUNT(*) FROM
>> radacct WHERE
>> UserName='test' AND AcctStopTime IS
>> NULL AND acctsessionid != '''
>>
>>
>> 1 minute......................
>>
>> renegotiation .......
>>
>> openvpn.log
>>
>> Tue Jun 29 22:57:59 2010 test/2xx.xx.1xx.252:1444 TLS: soft reset sec=0
>> bytes=15510/0 pkts=130/0
>> Tue Jun 29 22:57:59 2010 RADIUS-PLUGIN: FOREGROUND THREAD:
>> isAuthenticated()1Tue Jun 29 22:57:59 2010 RADIUS-PLUGIN: FOREGROUND
>> THREAD: isAcct()1Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: Got no response
>> from radius server.
>> Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Error ar
>> rekeying!
>> Tue Jun 29 22:58:00 2010 Error: RADIUS-PLUGIN: BACKGROUND AUTH: Auth
>> failed!.
>> Tue Jun 29 22:58:00 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Error receiving
>> auth confirmation from background process.
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 PLUGIN_CALL: POST
>> /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 PLUGIN_CALL: plugin
>> function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1:
>> /etc/openvpn/radiusplugin.so
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 TLS Auth Error: Auth
>> Username/Password verification failed for peer
>> Tue Jun 29 22:58:00 2010 test/2xx.xx.1xx.252:1444 Control Channel: TLSv1,
>> cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
>>
>> radiusd -X.........................
>>
>> rlm_sql (sql): Reserving sql socket id: 0
>> radius_xlat: 'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat: 'BEGIN'
>> radius_xlat: 'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat: 'UPDATE radippool SET NASIPAddress = '', pool_key = 0,
>> CallingStationId = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE
>> NASIPAddress = '127.0.0.1' AND pool_key = '1' AND UserName = 'test'
>> AND CallingStationId = '2xx.8x.1xx.252' AND FramedIPAddress =
>> '1xx.1xx.1xx.93''
>> radius_xlat: 'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat: 'COMMIT'
>> rlm_sql (sql): Released sql socket id: 0
>> modcall[accounting]: module "sqlippool" returns ok for request 5
>> radius_xlat: 'test'
>> rlm_sql (sql): sql_set_user escaped user --> 'test'
>> radius_xlat: ' UPDATE radacct SET AcctStopTime
>> = '2010-06-28 15:31:42', AcctSessionTime =
>> '61', AcctInputOctets = '0' << 32
>>
>> | '8056', AcctOutputOctets
>>
>> = '0' << 32 | '4782',
>> AcctTerminateCause = '', AcctStopDelay = '0',
>> ConnectInfo_stop = '' WHERE AcctSessionId =
>> '59014A407775C975B63498451AD111B4' AND UserName =
>> 'test' AND NASIPAddress = '127.0.0.1''
>> rlm_sql (sql): Reserving sql socket id: 3
>> rlm_sql (sql): Released sql socket id: 3
>> modcall[accounting]: module "sql" returns ok for request 5
>> modcall: leaving group accounting (returns ok) for request 5
>> Sending Accounting-Response of id 171 to 127.0.0.1 port 43491
>> Finished request 5
>> Going to the next request
>> Sending Access-Reject of id 24 to 127.0.0.1 port 52948
>> Reply-Message := "\r\nYou are already logged in - access
>> denied\r\n\n"
>>
>
>
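
Added example (not part of the original thread, and not code from the plugin or FreeRADIUS): a simplified Python/SQLite model of the `simul_count_query` decision discussed above. It shows why an empty session-ID expansion rejects the renegotiation, and why a reconnect that overlaps a still-open session is rejected even with the session-ID exclusion in place. The table layout, the session IDs and the `allowed` helper are assumptions made for illustration.

```python
import sqlite3

# Query shape from the thread's sql.conf. The session id is bound as a
# parameter here instead of being expanded by the server (assumption).
SIMUL_COUNT = """SELECT COUNT(*) FROM radacct
                 WHERE username = ? AND acctstoptime IS NULL
                 AND acctsessionid != ?"""


def make_db(rows):
    """Build an in-memory radacct table from (user, session_id, stop_time) rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct (username TEXT, acctsessionid TEXT, acctstoptime TEXT)"
    )
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db


def allowed(db, user, session_id, limit=1):
    """Simplified model: accept only if the other open sessions are below the limit."""
    (count,) = db.execute(SIMUL_COUNT, (user, session_id)).fetchone()
    return count < limit


def scenarios():
    # Constructed sample rows: user "test" with one session, open or closed.
    open_a = [("test", "SESS-A", None)]
    closed_a = [("test", "SESS-A", "2010-06-28 15:31:42")]
    return {
        # Unknown attribute expands to '' so the user's own session is counted.
        "rekey_empty_id": allowed(make_db(open_a), "test", ""),
        # Own session id excluded: the renegotiation passes.
        "rekey_own_id": allowed(make_db(open_a), "test", "SESS-A"),
        # New session arrives before the old one has a stop time: rejected.
        "reconnect_overlap": allowed(make_db(open_a), "test", "SESS-B"),
        # Old session closed by an accounting stop: the reconnect passes.
        "reconnect_after_stop": allowed(make_db(closed_a), "test", "SESS-B"),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```
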