<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Not using mysql. You must peruse the manual pages about how to do
it in your mysql module; however, the magic lies in the users file.
You need a stanza similar to the following (but modified for sql):<br>
<br>
DEFAULT Ldap-Group == "WifiDisabled", Auth-Type := Reject<br>
&nbsp;&nbsp;&nbsp;&nbsp;Reply-Message = "Your account has been disabled."<br>
<br>
On 9/13/2011 18:33, 2394263740 wrote:
<blockquote cite="mid:tencent_2EDA1EF92DFA4E9867ACAC3F@qq.com"
type="cite">
<div>Christ,</div>
<div> </div>
<div>Thanks for your help.</div>
<div> </div>
<div>Can you please advise how to configure a group to reject
access?</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Tom</div>
<div><includetail>
<div> </div>
<div> </div>
<div style="COLOR: #000">
<div style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px;
PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE:
12px; PADDING-TOP: 2px">------------------ Original ------------------</div>
<div style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px;
PADDING-RIGHT: 8px; BACKGROUND: #efefef; FONT-SIZE: 12px;
PADDING-TOP: 8px">
<div id="menu_sender"><b>From: </b> "freeradius-users"<a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users-request@lists.freeradius.org"><freeradius-users-request@lists.freeradius.org></a>;</div>
<div><b>Date: </b> Wed, Sep 14, 2011 02:01 AM</div>
<div><b>To: </b> "freeradius-users"<a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a>;
<wbr></div>
<div><b>Subject: </b> Freeradius-Users Digest, Vol 77,
Issue 51</div>
</div>
<div> </div>
Today's Topics:<br>
<br>
1. RE: Problem with rml_sqlcounter with GigaByte datavolume (Nicolas FOUREL)<br>
2. Re: Problem with rml_sqlcounter with GigaByte datavolume (Suman Dash)<br>
3. Re: Best Practices - maximum NAS entries in clients.conf (Christ Schlacta)<br>
4. Re: Quick enable/disable user account. (Christ Schlacta)<br>
5. Re: Best Practices - maximum NAS entries in clients.conf (Arran Cudbard-Bell)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 13 Sep 2011 18:30:55 +0200<br>
From: "Nicolas FOUREL" <a class="moz-txt-link-rfc2396E" href="mailto:nicolas.fourel@adipsys.com"><nicolas.fourel@adipsys.com></a><br>
Subject: RE: Problem with rml_sqlcounter with GigaByte
datavolume<br>
To: "'FreeRadius users mailing list'"<br>
<a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a><br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:4e6f8544.8dc5e30a.148c.558f@mx.google.com"><4e6f8544.8dc5e30a.148c.558f@mx.google.com></a><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Hi Arran,<br>
<br>
I have got version 3.0.0 with 64 bit counters support from
Git and installed it. Unfortunately, I still have the same problem with my sql
counter, which always has "check_item=0" when I put a value bigger than
2^32. On Access-Request in debug mode, I have the following lines:<br>
<br>
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero<br>
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user <a class="moz-txt-link-abbreviated" href="mailto:foo@bar.com">foo@bar.com</a>, check_item=0, counter=68882<br>
<br>
Here is my counter definition :<br>
sqlcounter totalinputoctets {<br>
counter-name = Total-Max-Input-Octets<br>
check-name = Max-Input-Octets<br>
reply-name = ChilliSpot-Max-Input-Octets<br>
sqlmod-inst = sql<br>
key = User-Name<br>
reset = never<br>
query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='%{%k}'"<br>
}<br>
<br>
I have added "Max-Input-Octets" in the dictionary file like
that :<br>
ATTRIBUTE Max-Input-Octets 3001 integer64<br>
<br>
In radcheck table:<br>
<a class="moz-txt-link-abbreviated" href="mailto:foo@bar.com">foo@bar.com</a> Max-Input-Octets := 107374182400<br>
<br>
<br>
Did I miss a thing ?<br>
<br>
Many thanks<br>
<br>
Nicolas<br>
<br>
-----Original Message-----<br>
From:<br>
<a class="moz-txt-link-abbreviated" href="mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org">freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org</a><br>
[<a class="moz-txt-link-freetext" href="mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius">mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius</a><br>
.org] On behalf of Arran Cudbard-Bell<br>
Sent: Monday, 12 September 2011 11:46<br>
To: FreeRadius users mailing list<br>
Subject: Re: Problem with rml_sqlcounter with GigaByte
datavolume<br>
<br>
<br>
On 12 Sep 2011, at 10:20, nfourel wrote:<br>
<br>
> Thanks for your reply but I can't find any version
3.x.x of freeRADIUS.<br>
Where<br>
> can I find it ?<br>
> <br>
<br>
<a class="moz-txt-link-freetext" href="http://git.freeradius.org/">http://git.freeradius.org/</a><br>
<br>
3.x.x is currently in development on the master branch.<br>
<br>
-Arran<br>
<br>
Arran Cudbard-Bell<br>
<a class="moz-txt-link-abbreviated" href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a><br>
<br>
RADIUS - Waging war on ignorance and apathy one
Access-Challenge at a time.<br>
<br>
<br>
-<br>
List info/subscribe/unsubscribe? See<br>
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Tue, 13 Sep 2011 23:09:39 +0530<br>
From: Suman Dash <a class="moz-txt-link-rfc2396E" href="mailto:sumandash@gmail.com"><sumandash@gmail.com></a><br>
Subject: Re: Problem with rml_sqlcounter with GigaByte
datavolume<br>
To: FreeRadius users mailing list<br>
<a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a><br>
Message-ID:<br>
<a class="moz-txt-link-rfc2396E" href="mailto:CAOywgS8G==MvAZPs=s18pYsN36mA+xzGScb9e0KvcPELOHFsng@mail.gmail.com"><CAOywgS8G==MvAZPs=s18pYsN36mA+xzGScb9e0KvcPELOHFsng@mail.gmail.com></a><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
SELECT SUM(AcctInputOctets) FROM radacct WHERE
UserName='username'<br>
<br>
Run the above query in mysql and post the result<br>
<br>
then post the freeradius log specific to this section.<br>
<br>
On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL
<<a class="moz-txt-link-abbreviated" href="mailto:nicolas.fourel@adipsys.com">nicolas.fourel@adipsys.com</a><br>
> wrote:<br>
<br>
> Hi Arran,<br>
><br>
> I have got version 3.0.0 with 64 bit counters support from Git and installed<br>
> it. Unfortunately, I still have the same problem with my sql counter, which<br>
> always has "check_item=0" when I put a value bigger than 2^32. On<br>
> Access-Request in debug mode, I have the following lines:<br>
><br>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero<br>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user <a class="moz-txt-link-abbreviated" href="mailto:foo@bar.com">foo@bar.com</a>, check_item=0, counter=68882<br>
><br>
> Here is my counter definition :<br>
> sqlcounter totalinputoctets {<br>
> counter-name = Total-Max-Input-Octets<br>
> check-name = Max-Input-Octets<br>
> reply-name = ChilliSpot-Max-Input-Octets<br>
> sqlmod-inst = sql<br>
> key = User-Name<br>
> reset = never<br>
> query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='%{%k}'"<br>
> }<br>
><br>
> I have added "Max-Input-Octets" in the dictionary file like that :<br>
> ATTRIBUTE Max-Input-Octets 3001 integer64<br>
><br>
> In radcheck table:<br>
> <a class="moz-txt-link-abbreviated" href="mailto:foo@bar.com">foo@bar.com</a> Max-Input-Octets := 107374182400<br>
><br>
><br>
> Did I miss a thing ?<br>
><br>
> Many thanks<br>
><br>
> Nicolas<br>
><br>
> -----Original Message-----<br>
> From:<br>
> <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org">freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org</a><br>
> [<a class="moz-txt-link-freetext" href="mailto:freeradius-users-bounces+nicolas.fourel">mailto:freeradius-users-bounces+nicolas.fourel</a><br>
> =adipsys.com@lists.freeradius<br>
> .org] On behalf of Arran Cudbard-Bell<br>
> Sent: Monday, 12 September 2011 11:46<br>
> To: FreeRadius users mailing list<br>
> Subject: Re: Problem with rml_sqlcounter with GigaByte
datavolume<br>
><br>
><br>
> On 12 Sep 2011, at 10:20, nfourel wrote:<br>
><br>
> > Thanks for your reply but I can't find any version
3.x.x of freeRADIUS.<br>
> Where<br>
> > can I find it ?<br>
> ><br>
><br>
> <a class="moz-txt-link-freetext" href="http://git.freeradius.org/">http://git.freeradius.org/</a><br>
><br>
> 3.x.x is currently in development on the master branch.<br>
><br>
> -Arran<br>
><br>
> Arran Cudbard-Bell<br>
> <a class="moz-txt-link-abbreviated" href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a><br>
><br>
> RADIUS - Waging war on ignorance and apathy one
Access-Challenge at a time.<br>
><br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Tue, 13 Sep 2011 10:39:48 -0700<br>
From: Christ Schlacta <a class="moz-txt-link-rfc2396E" href="mailto:lists@aarcane.org"><lists@aarcane.org></a><br>
Subject: Re: Best Practices - maximum NAS entries in
clients.conf<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:4E6F9564.1070103@aarcane.org"><4E6F9564.1070103@aarcane.org></a><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
On 9/13/2011 00:59, Fajar A. Nugraha wrote:<br>
> On Tue, Sep 13, 2011 at 2:43 PM, Phil
Mayers<a class="moz-txt-link-rfc2396E" href="mailto:p.mayers@imperial.ac.uk"><p.mayers@imperial.ac.uk></a> wrote:<br>
>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:<br>
>>> If I understand raddb/sites-available/dynamic-clients correctly, the<br>
>>> only way to store (well, to retrieve actually) dynamic clients<br>
>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make<br>
>>> it have some level of redundancy? Last time I checked, "%{sql:" can't be<br>
>>> used on "virtual" modules (from instantiate or policy section) which<br>
>>> groups multiple sql instance together using "redundant".<br>
>>><br>
>> You could also use "exec", rlm_perl/python or
whatever, all of which can<br>
>> themselves call SQL.<br>
> possible, though not ideal.<br>
><br>
>> Or, perform an SQL query that MUST return some
output, parse the results and<br>
>> call the individual SQL modules directly - like so:<br>
>><br>
>> update control {<br>
>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"<br>
>> }<br>
>> if (control:Tmp-String-0 == "") {<br>
>> update control {<br>
>> Tmp-String-0 := "%{sql2:...}"<br>
>> }<br>
>> }<br>
> That's what we currently do (for another purpose, not
for dynamic<br>
> client). However:<br>
> - I lost load-balancing feature that comes with
redundant-load-balance<br>
> - imagine having to create 8 if-elsif block to properly
catch error<br>
> when working with 8 sql nodes, and write the same sql
query 8 times in<br>
> the configuration file. Works, but kinda messy.<br>
><br>
> With current sql module (that only reads nas list from
sql during<br>
> startup/HUP) I can use one sql/mysql/*.conf to specify
the query, and<br>
> have each sql instance $INCLUDE it. If we can do a similar thing with<br>
> "%{sql:" expansion (e.g. store the query in some temporary internal<br>
> variable/attribute) it'd reduce the messiness greatly, but I<br>
> haven't found out how to do it yet.<br>
><br>
Why not make an arbitrary program that takes the SQL
statement as an argument, and returns from the first successful connection?
It can take a random number between 0 and n-1 on the number of SQL
servers you have, and start connecting from there. You get failover and
round-robin load balancing with the convenience of only having to write your
query and your series of if-else-if statements once.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Tue, 13 Sep 2011 10:46:21 -0700<br>
From: Christ Schlacta <a class="moz-txt-link-rfc2396E" href="mailto:lists@aarcane.org"><lists@aarcane.org></a><br>
Subject: Re: Quick enable/disable user account.<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:4E6F96ED.6080307@aarcane.org"><4E6F96ED.6080307@aarcane.org></a><br>
Content-Type: text/plain; charset="iso-8859-1";
Format="flowed"<br>
<br>
On 9/13/2011 08:32, 2394263740 wrote:<br>
><br>
> Hello,<br>
> I'm using free radius server 2.1.11 on Linux Enterprise
Server 6.1.<br>
> OS: Linux Enterprise Server 6.1<br>
> Radius: free radius server 2.1.11<br>
> Database: Mysql<br>
><br>
> Sometimes I need to disable a user account in the mysql database, and then<br>
> enable it later on after some checks complete.<br>
><br>
> Can you please advise how to toggle such status?<br>
><br>
> There may be multiple solutions; please advise them all, so I can<br>
> choose the one that best fits the needs.<br>
><br>
> Thanks!<br>
><br>
> Tom<br>
><br>
><br>
Read up on mysql groups, then use a group that's configured
to reject access. Add and delete members from that group as needed to
disable and re-enable their account. That's what groups are there for.<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Tue, 13 Sep 2011 20:01:14 +0200<br>
From: Arran Cudbard-Bell <a class="moz-txt-link-rfc2396E" href="mailto:a.cudbardb@freeradius.org"><a.cudbardb@freeradius.org></a><br>
Subject: Re: Best Practices - maximum NAS entries in
clients.conf<br>
To: FreeRadius users mailing list<br>
<a class="moz-txt-link-rfc2396E" href="mailto:freeradius-users@lists.freeradius.org"><freeradius-users@lists.freeradius.org></a><br>
Message-ID:
<a class="moz-txt-link-rfc2396E" href="mailto:97DF6DE5-5FDB-416C-A528-FDC68A1D4274@freeradius.org"><97DF6DE5-5FDB-416C-A528-FDC68A1D4274@freeradius.org></a><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
<br>
On 13 Sep 2011, at 19:39, Christ Schlacta wrote:<br>
<br>
> On 9/13/2011 00:59, Fajar A. Nugraha wrote:<br>
>> On Tue, Sep 13, 2011 at 2:43 PM, Phil
Mayers<a class="moz-txt-link-rfc2396E" href="mailto:p.mayers@imperial.ac.uk"><p.mayers@imperial.ac.uk></a> wrote:<br>
>>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:<br>
>>>> If I understand raddb/sites-available/dynamic-clients correctly, the<br>
>>>> only way to store (well, to retrieve actually) dynamic clients<br>
>>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make<br>
>>>> it have some level of redundancy? Last time I checked, "%{sql:" can't be<br>
>>>> used on "virtual" modules (from instantiate or policy section) which<br>
>>>> groups multiple sql instance together using "redundant".<br>
>>>> <br>
>>> You could also use "exec", rlm_perl/python or
whatever, all of which can<br>
>>> themselves call SQL.<br>
>> possible, though not ideal.<br>
>> <br>
>>> Or, perform an SQL query that MUST return some
output, parse the results and<br>
>>> call the individual SQL modules directly - like
so:<br>
>>> <br>
>>> update control {<br>
>>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"<br>
>>> }<br>
>>> if (control:Tmp-String-0 == "") {<br>
>>> update control {<br>
>>> Tmp-String-0 := "%{sql2:...}"<br>
>>> }<br>
>>> }<br>
>> That's what we currently do (for another purpose,
not for dynamic<br>
>> client). However:<br>
>> - I lost load-balancing feature that comes with
redundant-load-balance<br>
>> - imagine having to create 8 if-elsif block to
properly catch error<br>
>> when working with 8 sql nodes, and write the same
sql query 8 times in<br>
>> the configuration file. Works, but kinda messy.<br>
>> <br>
>> With current sql module (that only reads nas list
from sql during<br>
>> startup/HUP) I can use one sql/mysql/*.conf to
specify the query, and<br>
>> have each sql instance $INCLUDE it. If we can do a similar thing with<br>
>> "%{sql:" expansion (e.g. store the query in some temporary internal<br>
>> variable/attribute) it'd reduce the messiness greatly, but I<br>
>> haven't found out how to do it yet.<br>
>> <br>
> Why not make an arbitrary program that takes the SQL
statement as an argument, and returns from the first
successful connection? It can take a random number between
0 and n-1 on the number of SQL servers you have, and start
connecting from there. You get failover and round-robin
load balancing with the convenience of only having to write
your query and your series of if-else-if statements once.<br>
<br>
Calling out to anything outside of FreeRADIUS comes with a
big performance penalty.<br>
<br>
I do sometimes wonder whether 'update config' would be
useful as an interim hack for some of this stuff.<br>
<br>
-Arran<br>
<br>
Arran Cudbard-Bell<br>
<a class="moz-txt-link-abbreviated" href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a><br>
<br>
RADIUS - Waging war on ignorance and apathy one
Access-Challenge at a time.<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
</div>
</includetail></div>
<br>
</blockquote>
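<br>
Added example (not part of the original thread or of the FreeRADIUS distribution): one way to express the group-based reject from the stanza above in SQL, assuming the stock FreeRADIUS MySQL schema (radgroupcheck, radgroupreply, radusergroup) and that the sql module is listed in authorize. The username 'tom' is a placeholder; the group name and message are taken from the stanza.<br>

```sql
-- Assumption: stock FreeRADIUS MySQL schema; 'tom' is a placeholder username.

-- One-time setup: a group whose check item forces a reject.
-- The ':=' operator sets Auth-Type in the control list for every member.
INSERT INTO radgroupcheck (groupname, attribute, op, value)
VALUES ('WifiDisabled', 'Auth-Type', ':=', 'Reject');

-- Optional message sent back with the reject.
INSERT INTO radgroupreply (groupname, attribute, op, value)
VALUES ('WifiDisabled', 'Reply-Message', '=', 'Your account has been disabled.');

-- Disable an account: add the user to the reject group.
-- Priority 0 puts this group ahead of the user's other groups, so it is
-- still evaluated when an earlier group would stop processing.
-- The NOT EXISTS guard keeps the statement safe to run twice.
INSERT INTO radusergroup (username, groupname, priority)
SELECT 'tom', 'WifiDisabled', 0 FROM DUAL
WHERE NOT EXISTS (
    SELECT 1 FROM radusergroup
    WHERE username = 'tom' AND groupname = 'WifiDisabled'
);

-- Audit: list every account that is currently disabled.
SELECT username
FROM radusergroup
WHERE groupname = 'WifiDisabled'
ORDER BY username;

-- Re-enable the account: remove the membership row only,
-- leaving the user's credentials and other groups untouched.
DELETE FROM radusergroup
WHERE username = 'tom' AND groupname = 'WifiDisabled';
```

Group membership is only consulted when a new Access-Request arrives, so adding or removing the row does not affect sessions that are already established.<br>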
<br>
</body>
</html>