uma conexao por usuário

[wifi]

Pessoal configurei o pppoe para autenticar os usuarios e receberem um ip fixo... até aí tudo bem..
mais como eu seto o paramentro no pppoe-server-options para
aceitar somente 1 conexao por usuario/senha ?



Obrigado.

[PatrickBrandao]

Nao tem opcao assim no pppoe.
Voce pode fazer isso no radius, limitando o Simultaneous-Use,
leia meu artigo sobre freeradius e implemente: www.patrick.eti.br

[jrlinux]

Aqui vamso fazer algumas alterções para deixar o login simultaneo bloqueado
e o bloqueio por sql habilitados.

Para habilitar o login simultaneo, precisamos editar primeiro o
radiusd.conf

#/usr/local/etc/raddb/radiusd.conf

Procure no final do arquivo, a parte que trata do login simultneo:

# Session database, used for checking Simultaneous-Use. Either the radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
# radutmp

#
# See "Simultaneous Use Checking Querie" in sql.conf
sql
}


Agora, vamos editr o sql.conf

#/usr/local/etc/raddb/sql.conf

Procure a linha responsavel pelas queries de login simultaneo:

descomente as linhas

#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
# - Leave blank or commented out to disable verification step
# - Note that the returned field order should not be changed.
#######################################################################

# Uncomment simul_count_query to enable simultaneous use checking
===>> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
===>> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"

Prontinho ..rapido e indolor.


Agora vamos inserir o bloqueio por sql

vamos adicoinar mais um campo na tabela radcheck. Esse campo soh pode ser preenchidop com Y ou N.
Se ele tiver em Y o user autentic, em N ele barra o acesso.
no prompt do mysql:

mysql - u root -p:
password:

mysql> ALTER TABLE radcheck ADD enable enum('Y','N') NOT NULL DEFAULT 'Y';
Query OK, 3 rows affected (0.00 sec)
Records: 3 Duplicates: 0 Warnings:
mysql>quit;

Pronto...agora eh soh acrescentar checagem do campo das instruções sql.

#/usr/local/etc/raddb/sql.conf

Ache a querie responsavel pel checagem dos users...

# The default queries are case insensitive. (for compatibility with
# older versions of FreeRADIUS)
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"

e acrescente AND enable = 'Y'
dessa forma:

# The default queries are case insensitive. (for compatibility with
# older versions of FreeRADIUS)
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' AND enable = 'Y' \
ORDER BY id"


###################################################################################