Ok I still having trouble with this. Here is my code:<br><br>========================================================================================<br> if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") {<br>
reject<br> <br> update reply {<br> Reply-Message = "Hello Hello Hello"<br> }<br><br> }<br>========================================================================================<br>
<br>The problem is that I don't see the Reply Message... I see other one that i got from the Usergroup. My userr is the member of default user group that sends reply message to every one saying that "Username is incorrect" that is my way to output the message where Usename >< Password (Probably there should be a better way to do that and maybe that is a problem) but that what i have now. <br>
So that message is getting outputed even though the mac address is banned....<br><br>Here is copy of my output.. <br><br>Hope you can help me out?<br>TNX<br><br>===========================<br><br>rad_recv: Access-Request packet from host x4.xxx.74.xxx port 62760, id=111, length=139<br>
NAS-IP-Address = 192.168.0.104<br> NAS-Identifier = "<a href="http://xxxxxxx.com">xxxxxxx.com</a>"<br> User-Name = "alexus7"<br> User-Password = "open"<br> Service-Type = Login-User<br>
NAS-Port-Type = Ethernet<br> NAS-Port = 5<br> Framed-IP-Address = 192.168.1.199<br> Called-Station-Id = "00:0d:b9:06:xx:xx"<br> Calling-Station-Id = "00:0b:6a:29:xx:xx"<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "alexus7", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>++[files] returns noop<br>[sql] expand: %{User-Name} -> alexus7<br>[sql] sql_set_user escaped user --> 'alexus7'<br>
rlm_sql (sql): Reserving sql socket id: 3<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexus7' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexus7' ORDER BY id<br>WARNING: Found User-Password == "...".<br>WARNING: Are you sure you don't mean Cleartext-Password?<br>
WARNING: See "man rlm_pap" for more information.<br>[sql] User found in radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexus7' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexus7' ORDER BY id<br>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexus7' ORDER BY priority<br>
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'alexus7' ORDER BY priority<br>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Ban' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Ban' ORDER BY id<br>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'All' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'All' ORDER BY id<br>[sql] User found in group All<br>[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'All' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'All' ORDER BY id<br>rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>
++? if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}")<br>sql_xlat<br> expand: %{User-Name} -> alexus7<br>sql_set_user escaped user --> 'alexus7'<br>
expand: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}' -> SELECT mac FROM `lrc_banlist` WHERE mac='00:0b:6a:xx:xx:xx'<br> expand: /usr/local/var/log/radius/sqltrace.sql -> /usr/local/var/log/radius/sqltrace.sql<br>
rlm_sql (sql): Reserving sql socket id: 2<br>rlm_sql_mysql: query: SELECT mac FROM `lrc_banlist` WHERE mac='00:0b:6a:29:d6:bb'<br>sql_xlat finished<br>rlm_sql (sql): Released sql socket id: 2<br> expand: %{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'} -> 00:0b:6a:xx:xx:xx<br>
? Evaluating (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") -> TRUE<br>++? if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") -> TRUE<br>
++- entering if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") {...}<br>+++[reject] returns reject<br>++- if (Calling-Station-Id == "%{sql: SELECT mac FROM `lrc_banlist` WHERE mac='%{Calling-Station-Id}'}") returns reject<br>
Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> alexus7<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.5 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 111 to xxx.186.xxx.xxx port 6260<br> Reply-Message = "Your username/password is incorrect. Please try again."<br>
Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 111 with timestamp +20<br><br>===========================<br><br><br><div class="gmail_quote">On Fri, Dec 25, 2009 at 7:10 PM, <span dir="ltr"><<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">> I need to ask again for help.<br>
> So I added this code to Autorize section of Default config file.... it<br>
> blocks banned users well! But I need to tell them why they got banned so I<br>
> tried diferent ways to add Reply-Message in the logic<br>
> Nothing helped me so far...<br>
><br>
> So maybe some one can tell me how to add reply-message to this logic?<br>
><br>
> Thank you a lot and Marry Xmas<br>
><br>
><br>
><br>
> if (Calling-Station-Id == "%{sql: SELECT mac FROM `banlist` WHERE<br>
> mac='%{Calling-Station-Id}'}") {<br>
> reject<br>
<br>
</div> update reply {<br>
Reply-Message = "Your account has been disabled."<br>
<div class="im"> }<br>
<br>
> #reply := "Your account has been disabled."<br>
><br>
> }<br>
<br>
<br>
</div>Ivan Kalik<br>
<div><div></div><div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>