Limiting number of devices per user in Captive Portal + Free Radius

ashima

Hello Everyone,

I am using pfsense 2.2.6 with captive portal and freeradius 2. I would like to limit certain users with limited number of devices.

Say user1 can connect at the most with 2 devices ( laptop & mobile) simultaneously.
user2 can connect at the most with 3 devices simultaneously.

Is it possible to do so ? How do I do that.

I read it in forum… someone trying with mysql. But I don't want to install mysql... Is it possible.

Thank you,
Ashima

ashima

Hello,

I have managed to achieve some part of it. But there is still a glitch. If I restrict a user for 3 simultaneous connections… if a fourth device tries to login with same username... he is logged in and 1st one is kicked out. I want  the fourth device to  immediately  log out after an error message.  How do I achieve this?  Any way this is what I have done :

1. Enable accounting in free radius and captive portal.

2. In freeradius, set simultaneous login to 3.

So now when the 4th device tries to login, the 1st is immediately logged out.

@Grejan... probably we can write a program which queries cp database for the no of users logged in with that username,

If is it is more than a specified number... the last one is kicked off.

regards.
Ashima

Gertjan

@ashima:

1. Enable accounting in free radius and captive portal.
2. In freeradius, set simultaneous login to 3.
   So now when the 4th device tries to login, the 1st is immediately logged out.

I know what a Radius server is … I guess, but never used it.

@ashima:

@Grejan… probably we can write a program which queries cp database for the no of users logged in with that username,
If is it is more than a specified number... the last one is kicked off.

That's what I would do : a simple MySQL query that detects if 3 sessions with the same user name are already in the (local user manager sqlite) database, in that case : no go.

gadgetguy

@ashima:

Hello,

I have managed to achieve some part of it. But there is still a glitch. If I restrict a user for 3 simultaneous connections… if a fourth device tries to login with same username... he is logged in and 1st one is kicked out. I want  the fourth device to  immediately  log out after an error message.  How do I achieve this?  Any way this is what I have done :

1. Enable accounting in free radius and captive portal.

2. In freeradius, set simultaneous login to 3.
   So now when the 4th device tries to login, the 1st is immediately logged out.

@Grejan... probably we can write a program which queries cp database for the no of users logged in with that username,

If is it is more than a specified number... the last one is kicked off.

regards.
Ashima

Ashima, I'm trying to achieve the same thing as you.

So now when the 4th device tries to login, the 1st is immediately logged out.

How did you achieve this? Please tell me how to configure my pfSense.

Your help would be greatly appreciated,

Thanks

Gertjan

Read also : https://forum.pfsense.org/index.php?topic=136951.msg749960#msg749960