Rejecting User By their Calling-Station-Id (Mac Address)

Alex M freeradius at lrcommunications.net
Sat Dec 26 17:05:41 CET 2009


OK, I am still having trouble with this. Here is my code:

========================================================================================
    if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}'}") {
             reject

        update reply {
                    Reply-Message = "Hello Hello Hello"
           }

     }
========================================================================================

The problem is that I don't see the Reply Message... I see another one that I
got from the user group. My user is a member of the default user group that
sends a reply message to everyone saying that "Username is incorrect"; that is
my way to output the message where Username >< Password (probably there
should be a better way to do that, and maybe that is the problem), but that is
what I have now.
So that message is getting output even though the MAC address is
banned....

Here is a copy of my output.

Hope you can help me out?
TNX

===========================

rad_recv: Access-Request packet from host x4.xxx.74.xxx port 62760, id=111,
length=139
        NAS-IP-Address = 192.168.0.104
        NAS-Identifier = "xxxxxxx.com"
        User-Name = "alexus7"
        User-Password = "open"
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 5
        Framed-IP-Address = 192.168.1.199
        Called-Station-Id = "00:0d:b9:06:xx:xx"
        Calling-Station-Id = "00:0b:6a:29:xx:xx"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "alexus7", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> alexus7
[sql] sql_set_user escaped user --> 'alexus7'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'alexus7'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = 'alexus7'           ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'alexus7'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radreply           WHERE username = 'alexus7'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'alexus7'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM
radusergroup           WHERE username = 'alexus7'           ORDER BY
priority
[sql]   expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'Ban'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname = 'Ban'
ORDER BY id
[sql]   expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'All'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname = 'All'
ORDER BY id
[sql] User found in group All
[sql]   expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           value, op           FROM radgroupreply           WHERE
groupname = 'All'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname = 'All'
ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++? if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}'}")
sql_xlat
        expand: %{User-Name} -> alexus7
sql_set_user escaped user --> 'alexus7'
        expand:  SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}' ->  SELECT mac FROM `lrc_banlist` WHERE
mac='00:0b:6a:xx:xx:xx'
        expand: /usr/local/var/log/radius/sqltrace.sql ->
/usr/local/var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:   SELECT mac FROM `lrc_banlist` WHERE
mac='00:0b:6a:29:d6:bb'
sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
        expand: %{sql: SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}'} -> 00:0b:6a:xx:xx:xx
? Evaluating (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist`
WHERE mac='%{Calling-Station-Id}'}") -> TRUE
++? if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}'}") -> TRUE
++- entering if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist`
WHERE mac='%{Calling-Station-Id}'}") {...}
+++[reject] returns reject
++- if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE
mac='%{Calling-Station-Id}'}") returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> alexus7
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.5 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 111 to xxx.186.xxx.xxx port 6260
        Reply-Message = "Your username/password is incorrect. Please try
again."
Waking up in 4.9 seconds.
Cleaning up request 0 ID 111 with timestamp +20

===========================


On Fri, Dec 25, 2009 at 7:10 PM, <tnt at kalik.net> wrote:

> > I need to ask again for help.
> > So I added this code to the Authorize section of the default config file.... It
> > blocks banned users well! But I need to tell them why they got banned, so I
> > tried different ways to add Reply-Message in the logic.
> > Nothing helped me so far...
> >
> > So maybe someone can tell me how to add a Reply-Message to this logic?
> >
> > Thank you a lot and Merry Xmas
> >
> >
> >
> > if (Calling-Station-Id == "%{sql: SELECT mac FROM `banlist` WHERE
> > mac='%{Calling-Station-Id}'}") {
> >       reject
>
>         update reply {
>             Reply-Message = "Your account has been disabled."
>         }
>
> >       #reply := "Your account has been disabled."
> >
> > }
>
>
> Ivan Kalik
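An added example, not part of the original thread: in the debug output above, processing of the `if` block ends at `[reject] returns reject`, so an `update reply` placed after `reject` is never reached. The sketch below reorders the block from the post; the table name comes from the post and the message text from the quoted reply, while the use of `:=` to replace the Reply-Message already added from the group reply is a choice made for this example.

```unlang
# Added example for the authorize section, placed after the sql module
# as in the debug output. Not the poster's or the project's own config.
#
# The %{sql:...} expansion returns the stored MAC when a row matches and
# an empty string otherwise, so the comparison is true only for MACs
# present in lrc_banlist.
if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") {

        # Set the message first. ":=" replaces any Reply-Message that is
        # already in the reply list (here, the one from radgroupreply)
        # instead of leaving the group message in place.
        update reply {
                Reply-Message := "Your account has been disabled."
        }

        # reject stops processing of the section, so it must come last.
        reject
}
```

The match is a plain string comparison, so the values stored in `lrc_banlist` must use the same MAC format (separator and letter case) that the NAS sends in Calling-Station-Id.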