
- uma conexao por usuário
+ Responder ao Tópico
-
uma conexao por usuário
Pessoal configurei o pppoe para autenticar os usuarios e receberem um ip fixo... até aí tudo bem..
mais como eu seto o paramentro no pppoe-server-options para
aceitar somente 1 conexao por usuario/senha ?
Obrigado.
-
pppoe
Nao tem opcao assim no pppoe.
Voce pode fazer isso no radius, limitando o Simultaneous-Use,
leia meu artigo sobre freeradius e implemente: www.patrick.eti.br
-
Re: uma conexao por usuário
Aqui vamso fazer algumas alterções para deixar o login simultaneo bloqueado
e o bloqueio por sql habilitados.
Para habilitar o login simultaneo, precisamos editar primeiro o
radiusd.conf
#/usr/local/etc/raddb/radiusd.conf
Procure no final do arquivo, a parte que trata do login simultneo:
# Session database, used for checking Simultaneous-Use. Either the radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
# radutmp
#
# See "Simultaneous Use Checking Querie" in sql.conf
sql
}
Agora, vamos editr o sql.conf
#/usr/local/etc/raddb/sql.conf
Procure a linha responsavel pelas queries de login simultaneo:
descomente as linhas
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
# - Leave blank or commented out to disable verification step
# - Note that the returned field order should not be changed.
#######################################################################
# Uncomment simul_count_query to enable simultaneous use checking
===>> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
===>> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
Prontinho ..rapido e indolor.
Agora vamos inserir o bloqueio por sql
vamos adicoinar mais um campo na tabela radcheck. Esse campo soh pode ser preenchidop com Y ou N.
Se ele tiver em Y o user autentic, em N ele barra o acesso.
no prompt do mysql:
mysql - u root -p:
password:
mysql> ALTER TABLE radcheck ADD enable enum('Y','N') NOT NULL DEFAULT 'Y';
Query OK, 3 rows affected (0.00 sec)
Records: 3 Duplicates: 0 Warnings:
mysql>quit;
Pronto...agora eh soh acrescentar checagem do campo das instruções sql.
#/usr/local/etc/raddb/sql.conf
Ache a querie responsavel pel checagem dos users...
# The default queries are case insensitive. (for compatibility with
# older versions of FreeRADIUS)
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
e acrescente AND enable = 'Y'
dessa forma:
# The default queries are case insensitive. (for compatibility with
# older versions of FreeRADIUS)
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' AND enable = 'Y' \
ORDER BY id"
###################################################################################