Radius problem


This topic contains 18 replies, has 0 voices, and was last updated by  Selanec 10 years, 7 months ago.

  • #41119

    Selanec
    Member

    I tried connecting several hosts with one user/pass.
    They work all at the same time.
    Is there an option to limit the number of users with one user/pass?
    What’s the use of the user/pass thing at the Radius if someone can tell his user/pass to everyone?

    #46694

    imported_fulvio
    Participant

    The captive portal manages this option, but the radius server is not configured to set the Simultaneous-Use parameter to 1.

    Regards
    Fulvio

    #46695

    Selanec
    Member

    I want just a clean Radius server and smooth and unattended connecting of the clients that have their user/pass recorded in their client software. I see Captive Portal has the option for Simultaneous Connections with enable/disable. I haven’t used it so far; I don’t quite like captive portal and all those logging things with web browsers. Is there an option to configure the radius server to accept only one connection per user/pass?

    #46696

    imported_fulvio
    Participant

    You should look at the FreeRadius documentation. You just have to change the /etc/raddb/users file to add the

    Simultaneous-Use = 0

    I will try to make this option configurable via web interface.

    Regards
    Fulvio

    #46697

    Selanec
    Member

    I was reading this…
    http://freeradius.org/radiusd/doc/Simultaneous-Use
    I tried this…
    http://bitless.mk/comments
    but it seems it’s not working…

    #46698

    imported_fulvio
    Participant

    Try to uncomment the first two lines of the file /etc/raddb/users and put there the new RADIUS attributes.

    DEFAULT Auth-Type = LDAP
    Fall-Through = Yes
    Simultaneous-Use = 0

    #46699

    Selanec
    Member

    I made the changes…
    http://bitless.mk/comments/comment007.jpg
    Still no luck. I connected 2 computers with same user/pass.
    🙁

    #46700

    imported_fulvio
    Participant

    You can try to debug by using the command

    radtest user password 127.0.0.1 1 ZeroShell

    Regards
    Fulvio

    #46701

    Selanec
    Member

    I tried it and am getting denials for wrong user/pass,
    and approval for correct user/pass.
    But still… the issue about Simultaneous-Use remains.
    I better wait for that web change,
    since I’m not good at programming.
    I had the luck to live in a country where
    those that know are few and wouldn’t help learning.
    🙁

    #46702

    imported_fulvio
    Participant

    Let me find a solution and I will post it here.

    Fulvio

    #46703

    Selanec
    Member

    Did you find a solution for this?
    Have you fixed it in v.11?

    #46704

    imported_fulvio
    Participant

    No, I have not yet.

    Regards
    Fulvio

    #46705

    Selanec
    Member

    Can you please try finding the solution for this? I really had a hard time trying to find a solution, but none of it works. 🙁 I don’t see the point of having a radius server if everyone can connect to it with one user/pass. It’s the same as if I have set WPA-PSK on the wireless router. One pass and everyone connects. 🙁

    #46706

    I do see what you want to do. But just to clarify: the radius server’s responsibility is to authenticate users, saying good or no good. It’s the nas client that decides if one user should be able to connect one or many times simul… the radius server doesn’t know if the client to the nas client is still connected or not.

    For that the nas client has to provide accounting, but that is another story.
    The solution in radius-only scenarios is OTP…

    #46707

    Selanec
    Member

    Well… I tried to read some articles about this, but it was too difficult for me to understand. The radius server has to be configured somehow every time it gets a request for authorization to check (I guess at the nas client) if the user is already connected and get a result. If the result is negative (meaning that no one is connected with that user/pass), it should grant the access… if the result is positive (meaning that someone is already connected with that user/pass) it should deny access.
    I was reading several articles at freeradius, tried to change something, but I ended messing up something and had to rebuild my zeroshell server once again in VMware. 🙁
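
An added example, not part of the original thread and not FreeRADIUS or ZeroShell code: a small Python model of the point made in the last three posts, that a per-user session limit can only be enforced if the NAS reports sessions through accounting. The class, user names, NAS name and session ids are constructed for illustration; the status names follow RADIUS accounting's Acct-Status-Type values.

```python
import hmac
from collections import defaultdict

class SessionTracker:
    """Toy RADIUS server that enforces a per-user session limit."""

    def __init__(self, users, limit=1):
        self.users = users               # constructed store: name -> password
        self.limit = limit               # plays the role of Simultaneous-Use
        self.active = defaultdict(set)   # user -> {(nas, session_id)}

    def accounting(self, status, nas, user=None, session_id=None):
        """Apply one Accounting-Request sent by a NAS."""
        if status == "Start":
            self.active[user].add((nas, session_id))
        elif status == "Stop":
            self.active[user].discard((nas, session_id))
        elif status in ("Accounting-On", "Accounting-Off"):
            # The NAS restarted: its sessions are gone although no Stop arrived.
            for sessions in self.active.values():
                sessions.difference_update({s for s in sessions if s[0] == nas})

    def access_request(self, user, password):
        """Return 'Access-Accept' or 'Access-Reject' for one login attempt."""
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            return "Access-Reject"
        if len(self.active[user]) >= self.limit:
            return "Access-Reject"       # limit reached according to accounting
        return "Access-Accept"

def demo():
    """Two hosts share one login; compare a silent NAS with one that accounts."""
    creds = {"alice": "s3cret"}          # constructed sample credentials
    silent = SessionTracker(creds)
    # No accounting arrives, so the server never learns that a session began.
    no_acct = [silent.access_request("alice", "s3cret") for _ in range(2)]

    tracked = SessionTracker(creds)
    decisions = [tracked.access_request("alice", "s3cret")]         # first host
    tracked.accounting("Start", "ap1", "alice", "0001")
    decisions.append(tracked.access_request("alice", "s3cret"))     # second host
    tracked.accounting("Accounting-On", "ap1")                      # AP rebooted
    decisions.append(tracked.access_request("alice", "s3cret"))     # stale entry cleared
    return no_acct, decisions

if __name__ == "__main__":
    print(demo())
```

Without Start records the limit never triggers, which matches the behaviour reported in the thread; without handling of a NAS restart, a lost Stop would lock the user out instead.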
