Limiting Simultaneous Sessions

  • If you want to limit the simultaneous sessions a user can have this this page is for you.

Why implement it

  • If you are driven by sales of vouchers, limiting the amount of people who can use the voucher at one time can result in more sales.
  • If you are very strict on limiting the amount of date a user can use, it is wise to restrict the sessions even to only one in order to ensure accurate data cap calculations.

There is a catch

  • You might get more support calls since it may just happen that a person was connected through the captive portal and got disconnected.
  • The back-end still thinks he is connected.
  • If the person then tries to connect again and there is a limit on the sessions to e.g. 1, he will not be able to connect again.
  • Usually there is a reply attribute called Idle-Timeout which you can set to a low value to auto-disconnect the user from the Captive Portal's side.
  • Another option is to let the Back-end auto close stale sessions by editing the Dynamic Client under RADIUS menu and go to Dynamic ClientEnhancements and select Auto Close Stale Sessions with a time.
  • These items are just a heads-up before you implement this limit.

Check if enabled

  • Check if it is enabled in FreeRADIUS
vi /etc/freeradius/mods-config/sql/main/mysql/queries.conf
  • The following section needs to be active
#  Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = "\
        SELECT COUNT(*) \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"
simul_verify_query = "\
        SELECT \
                radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
                callingstationid, framedprotocol \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"
  • Restart if you made changes
service freeradius stop
service freeradius start
sudo systemctl restart freeradius.service

Applying the limit

  • Consider the following screenshot

You can also add this to a Profile Component

See the limit in action

  • Here it is preventing a second connection