From users file to SQL
tnt at kalik.co.yu
tnt at kalik.co.yu
Thu Jun 7 11:46:52 CEST 2007
>It doesn't work. When the user is member of SUSPENDED and has a static IP
>address, rlm_sqlippool doesn't override the Framed-IP-Address.
>This is the behavior I expect for all other cases/groups.
>
I am not sure if sqlippool has the option to override Framed-IP-Address
if it is already set. Ordinary ippool in radiusd.conf does.
As I said, this is not a smart thing to do - even if you override IP
address, he can change it to his static IP address in his Connection
Properties after the connection is made and gain access. Anyone with
basic IT skills can do this. And they DO know their static IP address.
>I had another problem with this configuration. A user can be member of
>multiple groups. If he is member of SUSPENDED, I want it to be the only one
>group evaluated. This can be achieved with "Fall-Though" in users file, but
>it don't know how to do it with SQL.
>
By managing groups properly. Going to group2 after failing with group1 is
a good thing. That's how dial backup is done for our broadband
customers. But if I suspend them, broadband group is changed to suspend
while dial group is deleted. When suspension is lifted, suspend is
changed to his broadband group while dial group is added as No.2. If he
is suspended, he should be removed from other groups in usergroup table.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list