
Configuring Attribute-Based Concurrency

If the Optional Concurrency and Wholesale Module was not enabled during initial installation, you must also activate it by entering a license number in the Web GUI.

There is no default setting for attribute-based concurrency because the attributes attached to a user can vary from site to site. (For tunneled authentication methods, any attribute available in the inner request may be used.)

To set up the Optional Concurrency and Wholesale Module, edit the /opt/JNPRhadm/UserConcurrency.sql file to increase the size of the ID field in the user concurrency table, and edit the /opt/JNPRsbr/radius/radius.ini file to specify the attribute or attributes to track.

Setting the Size of the ID Field in the User Concurrency Table

To increase the size of the ID Field in the user concurrency table:

  1. Log in as hadm.
  2. Change directories to /opt/JNPRhadm/.
  3. Edit UserConcurrency.sql to increase the size of the ID field.
    1. Near the top of the file, locate the line that reads:
      Id    VARCHAR(84) CHARSET utf8 COLLATE utf8_general_ci

       

    2. Change the (84) to (235).

      The modified file should look like this example:

      #=======================================================================
      CREATE TABLE Sbr_UserConcurrency
        (
          Id    VARCHAR(235) CHARSET utf8 COLLATE utf8_general_ci
                NOT NULL,
          Count INT UNSIGNED
                NOT NULL,
            PRIMARY KEY USING HASH (Id)
        )
        ENGINE = ndbcluster  # NOTE: CreateDB.sh fiddles with this line!
        ;
      #=======================================================================

Specifying the User Attribute

To specify the attribute or attributes to track:

  1. Log in as root.
  2. Change directories to /opt/JNPRsbr/radius/.
  3. Edit radius.ini to specify the attribute or attributes to track.
    1. Near the top of the file, locate the [Configuration] section and within it, the Login-Limit-Key = line. It looks like this example:
      ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
      RADIUS.INI file - Version 7.2 (March 2009)
      ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
      ; This file defines operational characteristics of Juniper Network's
      ; Steel-Belted Radius server.
      [Configuration]
      ; Login-Limits: limiting user concurrency
      Apply-Login-Limits              = yes
      ; 'Login-Limit-Key' allows you to redefine the key used for
      ; login-limit concurrency checks.  It is a list of attributes 
      ; (space separated).  Maximum payload length is 84 characters.  
      ; Binary attributes will be rendered as a hex string.
      ; Login-Limit-Key               = 
    2. Remove the comment semi-colon from the front of the Login-Limit-Key = line.
    3. Beyond the equals sign, type the user attribute or attributes to track.
      • If you enter multiple attribute names, separate them with spaces. The values of the attributes are concatenated to create the key.
      • If the field contains an empty value, it indicates that the default scheme of concatenating the username with the authentication method is used.

The modified file should resemble these examples:

Login-Limit-Key               = WiMAX-QoS-Descriptor

or

Login-Limit-Key               = WiMAX-QoS-Descriptor Login-IP-Host

Distributing the Files

If there are additional SBR Carrier servers in the cluster that have the Optional Concurrency and Wholesale Module installed, they must be configured identically. Copy the edited /opt/JNPRsbr/radius/radius.ini and /opt/JNPRhadm/UserConcurrency.sql files to all other servers in the cluster.
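
The following Python script is an added example, not part of the SBR Carrier documentation or Juniper's tooling. It checks that both edits described above are in place (an uncommented Login-Limit-Key in [Configuration] and an Id column of VARCHAR(235)) and produces a digest of the two files for comparing cluster servers. The function names, the sample file contents and the use of SHA-256 are assumptions made for illustration.

```python
import hashlib
import re

def login_limit_key(ini_text):
    """Attributes on the active Login-Limit-Key line in [Configuration];
    None if the line is absent or still commented out with ';'."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "Configuration" and "=" in line:
            name, value = line.split("=", 1)
            if name.strip() == "Login-Limit-Key":   # matched as the page writes it
                return value.split()      # space-separated attribute names
    return None

def id_column_size(sql_text):
    """Declared VARCHAR length of the Id column, or None if not found."""
    code = "\n".join(l for l in sql_text.splitlines() if not l.lstrip().startswith("#"))
    m = re.search(r"\bId\s+VARCHAR\((\d+)\)", code)
    return int(m.group(1)) if m else None

def check(ini_text, sql_text, expected_size=235):
    """Return a list of problems; an empty list means both edits are in place."""
    problems = []
    attrs = login_limit_key(ini_text)
    if attrs is None:
        problems.append("Login-Limit-Key is missing or still commented out")
    elif not attrs:
        problems.append("Login-Limit-Key is empty: default username + authentication method key applies")
    size = id_column_size(sql_text)
    if size != expected_size:
        problems.append(f"Id column is VARCHAR({size}), expected VARCHAR({expected_size})")
    return problems

def fingerprint(ini_text, sql_text):
    """SHA-256 over both files, for comparing cluster servers after distribution."""
    return hashlib.sha256((ini_text + "\0" + sql_text).encode("utf-8")).hexdigest()

# Constructed sample inputs (not taken from a real installation).
SQL_OLD = "CREATE TABLE Sbr_UserConcurrency (\n  Id    VARCHAR(84) CHARSET utf8 COLLATE utf8_general_ci NOT NULL\n);"
SQL_NEW = SQL_OLD.replace("(84)", "(235)")
INI_OLD = "[Configuration]\nApply-Login-Limits = yes\n; Login-Limit-Key               = \n"
INI_NEW = "[Configuration]\nApply-Login-Limits = yes\nLogin-Limit-Key = WiMAX-QoS-Descriptor Login-IP-Host\n"

if __name__ == "__main__":
    for label, ini, sql in (("before", INI_OLD, SQL_OLD), ("after", INI_NEW, SQL_NEW)):
        print(label, fingerprint(ini, sql)[:12], check(ini, sql) or "OK")
```

To use it on a server, read the two files named on this page into strings and pass them to check() and fingerprint(); servers whose digests differ are not configured identically.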

 

Modified: 2017-09-27