Powered by Jitbit .Net Forum free trial version. dismiss

HomeBugs

Bugs

Simultaneous-Use check 1, User logs in two devices Messages in this topic - RSS

Bernie
Bernie
Posts: 205


16.11.2017
Bernie
Bernie
Posts: 205
Hi,

we have active-directory-group check AD-WLAN-JH_Chemnitz for the same named TekRADIUS group. Also within this group exists Simultanous-Use check 1. But one user uses sAMAccountName and userPrincipalName. It seems that he can log in two times at same time.

You got a sql query which shows his logins.

Best reguards
Bernie

Attachments:
DoubleLogin.csv
0 link
Admin
Admin
Administrator
Posts: 4992


16.11.2017
Admin
Admin
Administrator
Posts: 4992
Can you send me authentication and accounting events for such a user in TekRADIUS log?
0 link
Bernie
Bernie
Posts: 205


28.11.2017
Bernie
Bernie
Posts: 205
For thers here: Meanwhile we have mailed something for over a week.

In the past (e.g. version 5.3.2.11) I have read in the log files messages like: "30.08.2017 00:49:00.221 - Simultaneous session counter for user 'ande.adam' set to 1." Have you removed such messages in further versions?

But now I am not sure. I think there is something wrong with simultaneous limit per user. I have searched for "simultaneous limit" in the log files for the last 3 days. I found much entries for feyerabendt... or mullah... and others but never for "singh.sukwinder" or useres from group "AD-WLAN_Bewohner".
"singh.sukwinder" use two devices but I don't find "simultaneous limit reached".

Best reguards,
Bernie
0 link
Admin
Admin
Administrator
Posts: 4992


28.11.2017
Admin
Admin
Administrator
Posts: 4992
I have updated TekRADIUS to count sessions based on user's sAMAccountName. Can you check if these sessions uses usernames in different formats?
0 link
Bernie
Bernie
Posts: 205


29.11.2017
Bernie
Bernie
Posts: 205
I would say no. They uses the same username format. Which means user1 uses always sAMAccountName and user2 uses always userPrincipleName.

They should use UserPrincipleName because some names are very long (over 20 charachters).
0 link
Admin
Admin
Administrator
Posts: 4992


29.11.2017
Admin
Admin
Administrator
Posts: 4992
Can you send me Authentication attempts for "singh.sukwinder" in TekRADIUS log?
0 link
Bernie
Bernie
Posts: 205


30.11.2017
Bernie
Bernie
Posts: 205
I have mailed you yesterday some logs but my mail server said "delayed delivery". Did you get my mail?
0 link
Admin
Admin
Administrator
Posts: 4992


30.11.2017
Admin
Admin
Administrator
Posts: 4992
I have not received it yet. Can you send it again please?
0 link
Bernie
Bernie
Posts: 205


30.11.2017
Bernie
Bernie
Posts: 205
I try it again. Attachment is 3MB. This should not be a problem.
0 link
Admin
Admin
Administrator
Posts: 4992


30.11.2017
Admin
Admin
Administrator
Posts: 4992
I have received the log files. Here is another update; https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip (5.3.4.13)

Please test this built. I'll be waiting for your feedback.
0 link
Bernie
Bernie
Posts: 205


30.11.2017
Bernie
Bernie
Posts: 205
I have it installed the update for view minutes. The first thing that I noticed is: In log file are chinese signs like:

30.11.2017 15:00:18.985 - Debug Message (Timer-EAPQue): Der Typ "涖㩲喑袾责+떴ϯ㭯翨ⱊ͒淨繇" in Assembly "TekRADIUS, Version=5.3.4.13, Culture=neutral, PublicKeyToken=null" ist nicht als serialisierbar gekennzeichnet.


To the real problem I can not say anything at the moment.
0 link
Admin
Admin
Administrator
Posts: 4992


30.11.2017
Admin
Admin
Administrator
Posts: 4992
Do you see other similar errors like this one in TekRADIUS log?
0 link
Admin
Admin
Administrator
Posts: 4992


30.11.2017
Admin
Admin
Administrator
Posts: 4992
Please apply https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip (5.3.4.14)
0 link
Bernie
Bernie
Posts: 205


1.12.2017
Bernie
Bernie
Posts: 205
Hi,
so, now with version 5.3.4.14 are chinese sign gone.

The problem double login still occurs, look at “Singh.Jasvinder” in the log file and pictures.
Now is a new problem added: It looks like Singh.Jasvinder can now login to SSID GAST3259. TkeRADIUS said “01.12.2017 00:01:05.173 - Check attribute 'Called-Station-Id' value does not match for user 'Singh.Jasvinder@dbjw.local'.” but does not deny the login.


Picture and Log I have mailed you.
Best reguards,
Bernie
0 link
Admin
Admin
Administrator
Posts: 4992


1.12.2017
Admin
Admin
Administrator
Posts: 4992
Here is another update https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip (5.3.4.15)
0 link
Bernie
Bernie
Posts: 205


4.12.2017
Bernie
Bernie
Posts: 205
Hi,

I have it installed at this morning for round on hour.
So my first feedback is, it seems that TekRADIUS Manager doesn't show any active session. The tab is still empty. The second thing is the "chinese" signs are back:
04.12.2017 07:58:29.456 - Debug Message (Timer-EAPQue) Der Typ "辉⷏짼쥕₰쬤偣ஆ+隔즳ᒸ�΢ꧼ扠丘" in Assembly "TekRADIUS, Version=5.3.4.15, Culture=neutral, PublicKeyToken=null" ist nicht als serialisierbar gekennzeichnet.

To the main problem I can not say something now because now it is difficult with empty "active session" tab. I will watch sql query.

Best reguards
Bernie
0 link
Admin
Admin
Administrator
Posts: 4992


4.12.2017
Admin
Admin
Administrator
Posts: 4992
Here is another update https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip (5.3.4.16)
0 link
Bernie
Bernie
Posts: 205


4.12.2017
Bernie
Bernie
Posts: 205
No, it's still 5.3.4.15 in log file with this update.
0 link
Admin
Admin
Administrator
Posts: 4992


4.12.2017
Admin
Admin
Administrator
Posts: 4992
OK. Please re-download; https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip
0 link
Bernie
Bernie
Posts: 205


4.12.2017
Bernie
Bernie
Posts: 205
No, it is still 5.3.4.15.
0 link






Powered by Jitbit Forum 8.3.8.0 © 2006-2013 Jitbit Software