Good day.
There is the following configuration:
RADIUS01 machine:
centos7 + freeradius 3.0.4 + mariadb 10 + galera.
RADIUS02 machine:
centos7 + freeradius 3.0.4 + mariadb 10 + galera
LDAP-MASTER machine:
centos7 + 389-fds (ldap).
SQL databases are replicated using galera.
Authorization of users happens through LDAP, and accounting is written to mysql (tried to use radutmp).
Task: to limit the user to one session. As I understand it, the Simultaneous-Use flag is used for this, which should be checked when processing Accounting-Request Acct-Status-Type=start. To do this, in /etc/raddb/users:

    DEFAULT Simultaneous-Use := 1
            Fall-Through = 1

in /etc/raddb/clients.conf:

    client my_net {
        ipaddr = 192.168.0.0/24
        nas_type = other
    }

and in /etc/modukes-config/sql/mysql/queries.conf I uncommented simul_count_query and simul_verify_query.
But nothing good happens: the user can request authorization many times and always receives a positive response, Acct-Status-Type=start is always accepted (an entry is made in the radacct table; if there is already such an entry, the sql module simply updates the time fields), and checkrad and simul_*_query are not called.
Actually, how do I limit the user to one session?
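
An added illustration, not part of the original post and not FreeRADIUS code: a small Python model of the decision a one-session limit implies, using an in-memory SQLite table with the radacct columns the check needs. It assumes the limit is evaluated when an access request arrives, by counting the user's radacct rows that have no stop time; the function names, user name, session IDs and timestamps are constructed.

```python
import sqlite3

# Constructed schema: only the radacct columns this model needs.
SCHEMA = """
CREATE TABLE radacct (
    acctsessionid TEXT, username TEXT, nasipaddress TEXT,
    acctstarttime TEXT, acctstoptime TEXT
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def accounting(db, status, session_id, user, nas, when):
    """Apply an Accounting-Request (Start or Stop) to the session table."""
    if status == "Start":
        db.execute("INSERT INTO radacct VALUES (?, ?, ?, ?, NULL)",
                   (session_id, user, nas, when))
    elif status == "Stop":
        db.execute("UPDATE radacct SET acctstoptime = ? "
                   "WHERE acctsessionid = ? AND username = ?",
                   (when, session_id, user))

def open_sessions(db, user):
    """Count sessions with no stop time (the role a session-count query plays)."""
    return db.execute("SELECT COUNT(*) FROM radacct "
                      "WHERE username = ? AND acctstoptime IS NULL",
                      (user,)).fetchone()[0]

def access_request(db, user, simultaneous_use=1):
    """Accept only while the user has fewer open sessions than the limit."""
    if open_sessions(db, user) >= simultaneous_use:
        return "Access-Reject"
    return "Access-Accept"

def demo():
    db = open_db()
    results = [access_request(db, "alice")]        # no session yet
    accounting(db, "Start", "s1", "alice", "192.168.0.10", "2024-01-01 10:00:00")
    results.append(access_request(db, "alice"))    # one open session
    accounting(db, "Stop", "s1", "alice", "192.168.0.10", "2024-01-01 10:30:00")
    results.append(access_request(db, "alice"))    # session closed
    # A Start whose Stop never arrives leaves a stale open row.
    accounting(db, "Start", "s2", "alice", "192.168.0.10", "2024-01-01 11:00:00")
    results.append(access_request(db, "alice"))
    return results

if __name__ == "__main__":
    print(demo())
```

The last result shows the failure mode of a pure count: a Start with no matching Stop keeps counting against the limit, which is why a verification step against the NAS, such as the checkrad mentioned in the post, is paired with the count.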