[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: sql ldap simultaneous-use
From: mcury via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date: 2022-12-23 19:58:51
Message-ID: X6GVSLLxthUU0G4kQWhbmvl8P0Mo8-7xTJdeM-b6f-LzeVb3WuyCUQbgv8xqhG6mJG533O0a5H2SEVkQ-6FH5R8cUKZrOQqV7OjgEL6VnTY= () protonmail ! com
[Download RAW message or body]
I really appreciate your help. Its working now :)
(94) Reply-Message := "You are already logged in - access denied"
(94) eap_peap: Got tunneled reply code 3
(94) eap_peap: Reply-Message := "You are already logged in - access denied"
(94) eap_peap: Got tunneled reply RADIUS code 3
(94) eap_peap: Reply-Message := "You are already logged in - access denied"
(94) eap_peap: Tunneled authentication was rejected
(94) eap_peap: FAILURE
(94) eap: Sending EAP Request (code 1) ID 246 length 46
(94) eap: EAP session adding &reply:State = 0xe567fa8aec91e376
(94) [eap] = handled
> You just do:
>
> control:Simultaneous-Use += radiusSimultaneousUse
I was so close ehhe
Thank you so much, and happy holidays :)
Best regards, Marcelo.
------- Original Message -------
On Friday, December 23rd, 2022 at 16:27, Alan DeKok <aland@deployingradius.com> \
wrote:
> On Dec 23, 2022, at 1:32 PM, mcury via Freeradius-Users \
> freeradius-users@lists.freeradius.org wrote:
> > Hi, I'm new to freeradius, currently trying to enforce simultaneous-use = 1 in my \
> > wireless network but it is not working. unifi access point > freeradius > \
> > samba-ad-dc
> > ...
> > I'm using LDAP for authentication through post-auth section in \
> > sites-available/default file using Unlang and its working perfectly.
>
>
> OK, that's good.
>
> > (11) if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") -> TRUE
> > (11) if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") {
> > (11) update {
> > (11) control:Simultaneous-Use := 1
>
>
> That sets Simultaneous-Use as necessary.
>
> > (11) reply:Class := 0x776966695f7573657273
> > (11) } # update = noop
> > (11) [noop] = noop
> > (11) } # if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") = \
> > noop (11) ... skipping elsif: Preceding "if" was taken
> > (11) } # post-auth = ok
> > (11) Sent Access-Accept Id 77 from 192.168.255.241:1812 to 172.16.200.3:38173 \
> > length 187
> > LDAP attribute map as per below:
> > mods-available/ldap:
> > update {
> > ...
> > control:Simultaneous-Use += 'radiusSimultaneousUse = 1'
>
>
> What is that?
>
> You don't set values in the ldap module configuration. You just do:
>
> control:Simultaneous-Use += radiusSimultaneousUse
>
> > sql is included inside session { section as per documentation.
> >
> > Any tips, perhaps I forgot something?
>
>
> Read the debug output to see what's going on. It prints out everything it does, and \
> why a user is allowed (or not) on the network.
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic