Here is how to limit the number of concurrent users/sessions in FreeRADIUS. Let's say you want to reject auth requests if there are already more than 50 active accounting sessions.
- Add the following policy to your policy.conf:

    maximum_active_users = 50

    # Reject once the number of open accounting sessions has reached the limit.
    check_active_users {
        if ("%{sql: SELECT COUNT(*) FROM radacct WHERE acctstoptime IS NULL}" >= "%{config:policy.maximum_active_users}") {
            update reply {
                Reply-Message := "Too many users logged into the system. Please try again later."
            }
            reject
        }
    }

- Add the check_active_users policy to the auth section of your sites-enabled/default.
- Test it using radclient:

    root @ ~ $ echo "User-Name=t1,User-Password=1234" | radclient -x -d /etc/freeradius/ 192.168.100.108 auth testing123
    Sending Access-Request of id 124 to 192.168.100.108 port 1812
        User-Name = "t1"
        User-Password = "1234"
    rad_recv: Access-Reject packet from host 192.168.100.108 port 1812, id=124, length=84
        Reply-Message = "Too many users logged into the system. Please try again later."
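
The policy counts every radacct row with a NULL acctstoptime as a logged-in user, so rows left open by a lost Accounting-Stop keep occupying slots until something closes them. The following is an added example, not part of the original post: it runs the post's query against a constructed in-memory SQLite table (epoch integers stand in for the datetime columns) to show the effect. `STALE_AFTER`, the helper names and the sample rows are assumptions.

```python
import sqlite3

MAX_ACTIVE = 50          # mirrors maximum_active_users in the policy
STALE_AFTER = 24 * 3600  # assumption: no real session stays open longer than this

def build_db(rows):
    """Constructed radacct table holding only the columns this example needs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, "
               "acctstarttime INTEGER, acctstoptime INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db

def active_sessions(db):
    """The post's query: every row without a stop time counts as active."""
    sql = "SELECT COUNT(*) FROM radacct WHERE acctstoptime IS NULL"
    return db.execute(sql).fetchone()[0]

def decision(db):
    """Same comparison as check_active_users: reject at or above the limit."""
    return "reject" if active_sessions(db) >= MAX_ACTIVE else "accept"

def close_stale(db, now):
    """Close open rows older than STALE_AFTER; returns how many were closed."""
    cur = db.execute(
        "UPDATE radacct SET acctstoptime = ? "
        "WHERE acctstoptime IS NULL AND acctstarttime < ?",
        (now, now - STALE_AFTER))
    return cur.rowcount

def sample_rows(now):
    """Constructed data: 30 live sessions, 20 stale ones, 5 already closed."""
    live = [(f"live{i}", now - 600, None) for i in range(30)]
    stale = [(f"stale{i}", now - 7 * 86400, None) for i in range(20)]
    closed = [(f"done{i}", now - 7200, now - 3600) for i in range(5)]
    return live + stale + closed

if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is reproducible
    db = build_db(sample_rows(now))
    print("before cleanup:", active_sessions(db), decision(db))
    print("stale rows closed:", close_stale(db, now))
    print("after cleanup:", active_sessions(db), decision(db))
```

With only 30 users actually online, the 20 stale rows push the count to the limit and every new request is rejected until those rows are closed.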