Re: [RadiusNT] Concurrency Control Doesn't Work, Help...

Dale E. Reed Jr. ( (no email) )
Thu, 10 Feb 2000 20:13:58 -0800

TIA wrote:
> >> "Request from host cefd387c" or the "NAS-Identifier="?
> >> i.e."cefd387c" or the IP address?
> >
> >NAS-Identifier.
> Even though the ServerPorts table has the correct ServerID from the Servers
> Table listed and the exact ports that the NAS reports and again from the
> Servers table -- I can see that the Servers Table simply assigns a number (6
> in this case) to the Server field (in this case rtr3-beloit) and to the IP
> address (in this case -- I need to manually alter this (the
> ServerID) in the ServerPorts table and make it the IP (Nas-Identifier)? I'm
> sure this can't be so...

No. NAS-Identifier matches to Servers.IPAddress. The ServerPorts and
Servers table relate on ServerID.

> I have ran this script numerous times and it does not change any of the
> ports in any way as they are exactly the same as reported by the NAS , as
> reported in the Servers Table, as reported in the ServerPorts table, and
> reported as well as in the Calls Table. They all report or coincide exactly.

First, are you getting accounting packets (type=4)? Secondly, do you
some kind of trigger or manual calls update enabled? If you don't have
one of those two, then the calls online (server ports) will not be

> Does the NAS Type have anything to do with it? It is a type 9 stated as a
> Cisco 5200 but is actually a Cisco 2511, (the QuickStart folks said this
> wouldn't make any difference and that Concurrency Control was a snap). Has

Thats fine.

> anyone else confirmed without a doubt that Concurrency Control works on any
> NAS and not just with radlogin? I'm certain that this is just something
> totally stupid that I can't seem to resolve. And gosh, it's taken me almost
> 3 months of tinkering to get this far! Which brings up another point,

One of the other things with Ciscos, is that they send a start
record with an update record following. If the trigger updates the
server ports table with the update, and you are lookin for start
records, you won't see them.

> (besides the "I'm an idiot" thing..), what if you have several NAS's in one
> location, does that mean even if Concurrency Control worked, couldn't
> someone simply dial into another NAS and bypass the Concurrency Control?
> From what I gather,Concurrency Control is set on a per NAS basis and not
> across the complete authentication system. Any help would be greatly
> appreciated

No. Concurrency control is based on the username, not the server. If
you look at the RadCheckOnline proc, you'll see its just for the name,
not the user.


Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc.

For more information about this list (including removal) go to: