- This topic is empty.
-
Posts
-
I tried connecting several hosts with one user/pass.
They work all at the same time.
Is there option to limit the number of users with one user/pass?
Whats the use of the user/pass thing at the Radius if someone can tell his user/pass to everyone?The captive portal manages this option, but the radius server is not configured to set the Simultaneous-Use parameter to 1.
Regards
FulvioI want just a clean Radius server and smooth and unattended connecting of the clients that have their user/pass recorded in their client software. I see Captive Portal has the option for Simultaneous Connections with enable/disable. I haven’t used it so far I don’t quite like captive portal and all those logging things with web browsers. Is there option to configure the radius server to accept only one connection per user/pass?
You should look at the FreeRadius documentation. You just have to change the /etc/raddb/users file to add the
Simultaneous-Use = 0
I will try to make this option configurable via web interface.
Regards
FulvioI was reading this…
http://freeradius.org/radiusd/doc/Simultaneous-Use
I tried this…
http://bitless.mk/comments
but it seems it’s not working…Try to uncomment the first to lines of the file /etc/raddb/users and put there the new RADIUS attributes.
DEFAULT Auth-Type = LDAP
Fall-Through = Yes
Simultaneous-Use = 0I made the changes…
http://bitless.mk/comments/comment007.jpg
Still no luck. I connected 2 computers with same user/pass.
πYou can try to debug by using the command
radtest user password 127.0.0.1 1 ZeroShell
Regards
FulvioI tried it and getting denials for wrong user/pass,
and approval for correct user/pass.
But still… the issue about Simultaneous-Use remains.
I better wait for that web change,
since I’m not good at programming.
I had the luck to live in country where
those that know are few and wouldn’t help learning.
πCan you please try finding the solution for this? I really had a hard time trying to find a solution, but none of it works. π I don’t see the point of having a radius server if everyone can connect to it with one user/pass. It’s the same as if I have set WPA-PSK on the wireless router. One pass and everyone connects. π
I do see what you want to do. But just to clearify the radius serser’s responibility it to authenticate users saying good or no good. it’s the nas client that desides if one user should be able to connect one or many times simul… the radius server doesn’t know if the client to the nas client is still connected or not.
For that the nas client has to provide accounting but that is another story.
The sollution in radius only senarios is OTP…Well… I tried to read some articles about this, but it was too difficult for me to understand. The radius server has to be configured somehow everytime it gets a request for authorization to check (i guess at the nas client) if the user is already connected and get a result. If the result is negative (meaning that no one is connected with that user/pass), it should grant the access… if the result is positive (meaning that someone is already connected with that user/pass) it should deny access.
I was reading several articles at freeradius, tried to change something, but I ended messing up something and had to rebuild my zeroshell server once again in VMware. π
- You must be logged in to reply to this topic.