Restricting Radius authentication?

  • 1
  • Question
  • Updated 1 year ago

May sound like a stupid question,

But we would love to be able to limit our radius authentication users to only being able to use a maximum of 3 devices (Eg. Work laptop, tablet and a phone) Is this possible? 
Photo of Timothy McGufficke

Timothy McGufficke

  • 1 Post
  • 0 Reply Likes

Posted 1 year ago

  • 1
Photo of Hans


  • 68 Posts
  • 8 Reply Likes
I believe this only can be done with the PPSK system. Other may correct me if i'm wrong.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Not a stupid question. This is possible, but dependent on the RADIUS server itself to keep track of the number of outstanding concurrent logins under the same account and then to reject any subsequent ones. I have been led to believe that some implementations can do this (FreeRADIUS?) but not the Microsoft one.
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Same answer as Mike's. In the past we have been implementing this with Meru IDM, which is now called Fortinet Connect. So the specification of maximum concurrent devices, maximum overall registered devices etc is part of the Fortinet Connect (= Radius Server) configuration.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
We have put additional primitives in HiveOS 6.5r7 and HiveOS 8.0r1 that allow such a feature to be implemented at a RADIUS server better, the Acct-Session-Id and Acct-Multi-Session-Id are now present in the Access-Request packets meaning that reliable linking to the subsequent accounting that occurs is now possible for session tracking.

No promises, but I will look to dust off some code I wrote a few years ago for NPS as I get time to.