When It Goes Pear Shaped
When your simultaneous use enforcement doesn’t seem to work right, try the following troubleshooting steps:
Make sure the NAS machine is contained in the naslist file and that its type is identified correctly.
Check the naspasswd file and make sure all is well.
Use the
-sxflag when starting FreeRADIUS and look at the output to determine if it is seeing theSimultaneous-Useline.Run radcheck.pl manually and see if it executes. This eliminates Perl version problems and module presence failures.
There are also some equipment-specific bugs that may be interfering with the functionality.
3Com and US Robotics equipment
3Com/US Robotics equipment has a tendency to incorrectly calculate SNMP object ID values. There is a workaround for this, however. First, make sure the HiPerArc software is updated to at least Version 4.2.32. To prevent simultaneous logins, you need to issue the following command on the NAS machine:
set pbus reported_port_density 256
Also, look at the checkrad program on the RADIUS server and comment out the following line, found under the subroutine sub_usrhiper:
($login) = /^.*\"([^"]+)".*$/;
Ascend equipment
You may see the following error entry in your log files:
Wed Jun 19 15:41:04 2002: Error: Check-TS: timeout waiting for checkrad
This problem usually occurs with MAX 4048 machines. To correct this, make sure that the NAS is correctly set up as a max40xx in the naslist file and double-check that Finger is enabled on the NAS machine. It can be found ...