-1

I have deployed a freeradius server version 3.0 with MySQL and Daloradius in Ubuntu 20.04 LTS.

The situation is as follows: from a mobile phone I need to connect to an access point and authenticate to that WLAN network (802.11i-WPA-802.1x) using a username and password specified in the radius database.

I would like to limit the number of concurrent logins per user (user3 in this case) to 1 because I only have one unique user. I have spent a lot of time searching the forums and documentation, but can't find anything to figure it out.

These are my tables:

    mysql> select * from nas; select * from radpostauth; select * from radacct; select * from radgroupcheck; select * from radcheck; select * from radgroupreply;
    +----+-------------+-----------+-------+-------+----------+--------+-----------+---------------+
    | id | nasname     | shortname | type  | ports | secret   | server | community | description   |
    +----+-------------+-----------+-------+-------+----------+--------+-----------+---------------+
    |  1 | 172.20.1.20 | AP_1      | other |  NULL | 12345678 | NULL   | NULL      | RADIUS Client |
    +----+-------------+-----------+-------+-------+----------+--------+-----------+---------------+
    1 row in set (0.00 sec)

    +-----+----------+----------+---------------+---------------------+
    | id  | username | pass     | reply         | authdate            |
    +-----+----------+----------+---------------+---------------------+
    | 231 | user3    |          | Access-Accept | 2021-04-22 12:09:24 |
    | 232 | user3    |          | Access-Accept | 2021-04-22 12:09:24 |
    +-----+----------+----------+---------------+---------------------+
    169 rows in set (0.00 sec)

    Empty set (0.00 sec)

    +----+---------------------------+------------------+----+--------+
    | id | groupname                 | attribute        | op | value  |
    +----+---------------------------+------------------+----+--------+
    |  1 | daloRADIUS-Disabled-Users | Auth-Type        | := | Reject |
    |  2 | daloRADIUS-Disabled-Users | Auth-Type        | := | Reject |
    |  3 | group_mi                  | Simultaneous-Use | := | 1      |
    +----+---------------------------+------------------+----+--------+
    3 rows in set (0.00 sec)

    +----+----------+--------------------+----+----------+
    | id | username | attribute          | op | value    |
    +----+----------+--------------------+----+----------+
    | 10 | user3    | Cleartext-Password | := | password |
    +----+----------+--------------------+----+----------+
    1 row in set (0.00 sec)

    +----+-----------+--------------------+----+---------------------+
    | id | groupname | attribute          | op | value               |
    +----+-----------+--------------------+----+---------------------+
    |  3 | group_mi  | Service-Type       | := | Framed-User         |
    |  4 | group_mi  | Framed-Protocol    | := | PPP                 |
    |  5 | group_mi  | Framed-Compression | := | Van-Jacobsen-TCP-IP |
    +----+-----------+--------------------+----+---------------------+
    3 rows in set (0.00 sec)

    mysql>

Help please, thanks

user3105
  • `max_user_connections`. – Rick James Apr 22 '21 at 20:01
  • Sorry, but by this parameter you mean the user that is assigned by default to the database? (radius) – user3105 Apr 25 '21 at 10:06
  • You mean this? `mysql> create database radius; mysql> CREATE USER 'radius'@'localhost' IDENTIFIED BY '**********'; mysql> GRANT USAGE ON * . * TO 'radius'@'localhost' IDENTIFIED BY '**********' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ; mysql> GRANT ALL PRIVILEGES ON `radius` . * TO 'radius'@'localhost' ` – user3105 Apr 25 '21 at 10:06

2 Answers

0

You want to configure simultaneous-use. Here’s a good write up about it.

tilleyc
  • When I started with the freeradius server deployment I followed exactly the same configuration as the link you have provided and it doesn't work as it should, that's why I have asked that question – user3105 Apr 25 '21 at 09:52
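
An added example, not part of the original thread and not FreeRADIUS code: a check of whether a `Simultaneous-Use` limit reaches a given user and how many open sessions `radacct` holds for that user. It assumes the stock FreeRADIUS 3.0 SQL schema, where group membership is read from `radusergroup` and open sessions are `radacct` rows without a stop time; the rows mirror the question's tables, while the `radusergroup` and `radacct` rows added at the end and all function names are constructed for illustration.

```python
import sqlite3

def build_sample_db():
    """In-memory copy of the relevant rows from the question (constructed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radgroupcheck (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
        CREATE TABLE radacct (username TEXT, acctsessionid TEXT, acctstoptime TEXT);
        INSERT INTO radcheck VALUES ('user3', 'Cleartext-Password', ':=', 'password');
        INSERT INTO radgroupcheck VALUES ('group_mi', 'Simultaneous-Use', ':=', '1');
    """)
    return db

def simultaneous_use_limit(db, user):
    """Limit set on the user directly, else via a group mapped in radusergroup."""
    row = db.execute(
        "SELECT value FROM radcheck"
        " WHERE username = ? AND attribute = 'Simultaneous-Use'", (user,)).fetchone()
    if row is None:
        row = db.execute(
            "SELECT g.value FROM radusergroup u"
            " JOIN radgroupcheck g ON g.groupname = u.groupname"
            " WHERE u.username = ? AND g.attribute = 'Simultaneous-Use'"
            " ORDER BY u.priority LIMIT 1", (user,)).fetchone()
    return int(row[0]) if row else None

def open_sessions(db, user):
    """Accounting rows with no stop time, i.e. sessions still considered active."""
    return db.execute(
        "SELECT COUNT(*) FROM radacct"
        " WHERE username = ? AND acctstoptime IS NULL", (user,)).fetchone()[0]

def would_reject(db, user):
    """True when a new login would exceed the user's Simultaneous-Use limit."""
    limit = simultaneous_use_limit(db, user)
    return limit is not None and open_sessions(db, user) >= limit

if __name__ == "__main__":
    db = build_sample_db()
    # Tables as shown in the question: no group mapping row, radacct empty.
    print(simultaneous_use_limit(db, "user3"), would_reject(db, "user3"))
    # Constructed rows: map user3 to group_mi and record one open session.
    db.execute("INSERT INTO radusergroup VALUES ('user3', 'group_mi', 1)")
    db.execute("INSERT INTO radacct VALUES ('user3', 'sess-1', NULL)")
    print(simultaneous_use_limit(db, "user3"), would_reject(db, "user3"))
```

The three `SELECT` statements are plain SQL and can be run unchanged in the `mysql>` client against the `radius` database, with the user name substituted for `?`.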
0

I modified your attempt some:

    mysql> create database radius;
    mysql> CREATE USER 'radius'@'localhost' IDENTIFIED BY '**********';
    mysql> GRANT USAGE ON *.* TO 'radius'@'localhost'
          WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0
               MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 10 ;
    mysql> GRANT ALL PRIVILEGES ON radius.* TO 'radius'@'localhost' ;

Notes:

  • IDENTIFIED BY goes only on CREATE USER. The syntax may have changed, depending on what version you are using.
  • "0" means unlimited, so I changed that.

There is a global setting Max_user_connections that is an alternative approach to the original question. It is found in my.ini (or something like that).

Rick James