• If you want to limit the simultaneous sessions a user can have this this page is for you.

• If you are driven by sales of vouchers, limiting the amount of people who can use the voucher at one time can result in more sales.
• If you are very strict on limiting the amount of data a user can use, it is wise to restrict the sessions even to only one in order to ensure accurate data cap calculations.

• You might get more support calls since it may just happen that a person was connected through the captive portal and got disconnected.
• The back-end still thinks he is connected.
• If the person then tries to connect again and there is a limit on the sessions to e.g. 1, he will not be able to connect again.
• Usually there is a reply attribute called Idle-Timeout which you can set to a low value to auto-disconnect the user from the Captive Portal's side when there is no data flow.
• Another option is to let the Back-end auto close stale sessions by editing the Dynamic Client under RADIUS menu and go to Dynamic Client → Enhancements and select Auto Close Stale Sessions with a time.
• These items are just a heads-up before you implement this limit.

• Check if it is enabled in FreeRADIUS

vi /etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf

• Look for this section

#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query     - query for the number of current connections
#                       - If this is not defined, no simultaneous use checking
#                       - will be performed by this module instance
# simul_verify_query    - query to return details of current connections
#                               for verification
#                       - Leave blank or commented out to disable verification step
#                       - Note that the returned field order should not be changed.
#######################################################################

• Lets do a bit of explanation of these two items.
  • In the FreeRADIUS config is a dedicated session section.
  • If this section has sql specified, FreeRADIUS will initiate these queries (one or both) to try and determine the amount of active sessions a user has.
  • We are NOT using simul_verify_query and thus it needs to be commented out.
  • If simul_verify_query is specified the FreeRADIUS program will try and contact the nas if possible to inquire directly from it the current session count for a user. For this it uses the checkrad program.
  • We will thus comment simul_verify_query out to NOT use it.

simul_count_query = "\
        SELECT COUNT(*) \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"
 
#simul_verify_query = "\
#       SELECT \
#               radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
#               callingstationid, framedprotocol \
#       FROM ${acct_table1} \
#       WHERE username = '%{SQL-User-Name}' \
#       AND acctstoptime IS NULL"

• Restart if you made changes

#20.04
service freeradius stop
service freeradius start

• Consider the following screenshot

• Here it is preventing a second connection