<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091124/095ab34c/attachment.html><br>> <br>> ------------------------------<br>> <br>> Message: 2<br>> Date: Tue, 24 Nov 2009 19:35:17 -0000 (UTC)<br>> From: tnt@kalik.net<br>> Subject: Re: The MySQL databases for Freeradius<br>> To: "FreeRadius users mailing list"<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID: <64909.87.194.16.13.1259091317.squirrel@www.kalik.net><br>> Content-Type: text/plain;charset=iso-8859-1<br>> <br>> > I am sitting here trying to figure out how FreeRadius works towards MySQL.<br>> ><br>> > The database "radcheck" is for a singeluser if I have understood it<br>> > correctly.<br>> ><br>> > What I want to do is that through MS Access make a form where I can add<br>> > several attributes to the same row in the table.<br>> ><br>> > But since radcheck only seem to work with one attribute per row for one<br>> > user I dont really know how to do.<br>> <br>> You *can* have multiple entries (rows) for each user. You don't have to<br>> cram everything into a single row.<br><br>Okay, but I donīt think it makes any sense that you have multiple inputs of the same user in a table?<br>Say for example that you have like 200 different users and every user have to have like 3 different attributes. The table would get extremly large.<br> What I want to do is to through MySQL link a user to a specific group and in that way start up the segmentation. So depending on what group you are a member in you get into different VLANs etc. Thatīs why I hoped that I could use "radusergroup" to link a user to a group and then in "radgroupcheck" add group specific attributes like NAS-Port-Idīs or Called-Station-Idīs and in that way being able to do a segmentation on SSID or WLAN. <br>> <br>> > What I mean is that if I have a user called "test-user" and want to have<br>> > two attributes for that user, in this case "Cleartext-Password" &<br>> > "NAS-Port-Id" I need to have two rows for that user.<br>> <br>> Tes, you do.<br>> <br>> > radcheck:<br>> ><br>> > ------------------------------------------------------<br>> ><br>> > |id|username |attribute |op |value |<br>> ><br>> > |1 |user-test |Cleartext-Password|== |test-pass |<br>> <br>> That should be :=.<br>> <br>> > |2 |user-test |NAS-Port-Id |== |raket |<br>> ><br>> > -------------------------------------------------------<br>> ><br>> > The reason I want to make a form is because I want others than me being<br>> > able to add new users and have them connected to the correct group which<br>> > then will have a separate VLAN and SSID.<br>> <br>> The form you generate with MS Access will put data into - MS Access<br>> backend. You can't connect that form to MySQL. If you are a fan of Windows<br>> use Windows (ASP.NET) forms or webforms which can place data into MySQL.<br><br>I have actually being able to do changes to the MySQL table by using MS Access and ODBC.<br>But I have had some problems making a form that works towards radcheck though.<br>Iīm not really a windows fan, but I need a Backend that restricts the admins for messing up the Freeradius server.<br>What I need is a GUI where you can search for a specific group and add a new user or edit a user in that group.<br>I really dont want to see a list of all the users there is and then have to search through 200 users to find the one i wish to edit.<br>So is it possible with dialupadmin to add a user and link that user to a group so you can only list that groups users?<br>Also is it possible in anyway to make group specific attributes so I wont have to add SSID restrictions on user level?<br><br>I have seen in the source of Freeradius that dialup admin comes with it. Iīve started to think about testing it.<br>So do I need to build dialupadmin in the same way I did with OpenSSL and FreeRadius or did it get installed at the same time as I installed Freeradius?<br>Also is there anywhere I can read about how to link dialup admin to MySQL etc.?<br>> <br>> Freeradius comes with it's own admin GUI - dialup admin. There are also<br>> outside projects like daloRadius. Or you can make your own using things<br>> like PHP.<br>> <br>> > So then I thought that if i use the table called "radusergroup" and link<br>> > the user to a specific group it should work in a way that all members of<br>> > this group may only connect to the network if they try to connect to the<br>> > correct SSID. It seems that did not work either.<br>> <br>> No, it will not work. Groups in sql emulate DEFAULT entries in users file<br>> - if chack doesn't match, replies are ignored - user is not rejected.<br>> <br>> > I am at a loss here and<br>> > dont really know what I should do.<br>> <br>> If you want user to get rejected if SSID doesn't match, you will need to<br>> make it an entry in radcheck table. As long as the password is there too<br>> user will be rejected.<br>> <br>> Ivan Kalik<br><br>Thank you for your time.<br><br>Best regards/ Peter Carlstedt<br>> <br>> <br>> <br>> *************************************************<br> <br /><hr />Windows Live Hotmail: <a href='http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009' target='_new'>Your friends can get your Facebook updates, right from HotmailŪ.</a></body>
</html>