radiusplugin-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Radiusplugin-users] Is this a bug or what?

From: Ralf Lübben
Subject: Re: [Radiusplugin-users] Is this a bug or what?
Date: Sun, 30 May 2010 09:58:19 +0200
User-agent: KMail/1.12.2 (Linux/2.6.31-21-generic; KDE/4.3.2; i686; ; ) 
Hi,

the problem occurs because of the re-authentication.

The reply-message (You are already logged in - access denied) is a RADIUS-
ATTRIBUTE which is created by the RADIUS server.

One possible solution can be based on the "session-id" attribute, which is a 
per session unique id created by the plugin.

The SQL statement could similar to:

simul_count_query = "SELECT COUNT(*) \
                             FROM ${acct_table1} \
                             WHERE username = '%{SQL-User-Name}' \
                             AND acctstoptime IS NULL \
                             AND sessionid != '%{SQL-Session-Id}'

When a reykeying occurs "simul_count_query" equals zero. If the same user 
opens a new session, it equals one.


Regards
Ralf

 

Am Sonntag, 30. Mai 2010 05:14:11 schrieben Sie:
> Hi,
> 
> Sorry forgot to use reply all...
> 
> Here's my verb7 log: http://pastebin.com/JMJA5Jah
> 
> And I'm using radiusplugin 2.1 beta9
> 
> Yes I set acct-Interim-Interval to 600
> 
> On Sun, May 30, 2010 at 2:06 AM, Ralf Lübben <address@hidden> wrote:
> > Hi,
> >
> > I don't think it is a bug. The current version of the plugin should be
> > able to
> > handle simultaneous logins.
> >
> > Which plugin version do you use?
> >
> > At the reykeying the plugin re-authenticates the user, you should see
> > RADIUS
> > ACCESS-REQUEST packets but no  RADIUS ACCOUNTING packets.
> >
> > Do you have configured the RADIUS attribute "Acct-Interim-Interval"? Then
> > you
> > should see periodic RADIUS accounting messages, but they are not related
> > to reykeying event.
> >
> >
> > Which instance does create the message "already log in"? Is it the
> > plugin? (It
> > should contain the prefix PADIUSPLUGIN ...)
> >
> > Can you send me the OpenVPN log file? The verbosity level should be at 7,
> > so
> > the plugin also writes debugging information to the log file.
> >
> > Regards
> > Ralf
> >
> > Am Freitag, 28. Mai 2010 13:46:42 schrieb yegle:
> > > Hi list,
> > >
> > > I'm using OpenVPN radiusplugin, and I found this problem days ago.
> > >
> > > Every hour openvpn server will attempt to rekey to client, at this time
> > > radiusplugin will made an Accounting-Request to openvpn server.
> > > But I have set up Simultaneous-Use,thus the plugin will get an "already
> >
> > log
> >
> > > in" reply message.
> > >
> > > So openvpn client will disconnect every hour and ping-restart itself.
> > >
> > > The default SQL to check Simultaneous-Use is:
> > >
> > >     simul_count_query = "SELECT COUNT(*) \
> > >                              FROM ${acct_table1} \
> > >                              WHERE username = '%{SQL-User-Name}' \
> > >                              AND acctstoptime IS NULL"
> > >
> > > which definately will cause problem if radiusplugin post
> >
> > Accounting-Request
> >
> > > when rekeying.
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]