Subject: Re: Turn of user acc - MySQL
Deleting user from the database - bad idea. You do want him back?
I have users inside another table (name, address, id etc..) and only those who need access I transfer to radcheck table. So if I remove them from radcheck, I can easily turn them back.
Auth-Type Reject is a check item so it would go into rad(group)check table. It's better to create a group for suspended users and swithch user to it than to add the attribute to each user.
Think about using sqlcounters and/or Epiration attribute.
Good ideas so I will think about it... Best regards
Ivan Kalik Kalik Informatika ISP
Dana 30/10/2007, "Marinko Tarlac" <mangia81@gmail.com> pi?e:
Hello
I made small web based application and it uses MySql database. I can add user accounts, create packages, add access points etc and now I need to create script for user control.
Question is next. Is it better to remove the username from radcheck table or it is better option to add access-reject atribute for specific user in radreply table. Is there any better solution. Also I'm thinking to create small perl script which I can call during auth process.
I'm not sure did you understand me :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------
Message: 7 Date: Wed, 31 Oct 2007 11:53:23 +1000 (EST) From: David Hobley <david.hobley@mionegroup.com> Subject: Re: Configure authentication via LDAP Group membership issue [sec=unclassified] To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <3661210.62301193795603796.JavaMail.root@mail.onegrp.com> Content-Type: text/plain; charset="utf-8"
Frank,
Thank you - greatly appreciated. This made me realise that my thinking was foggy when I had defined group memberships. All working now.
Cheers, David ----- Original Message ----- From: "Frank MR Ranner" <Frank.Ranner@defence.gov.au> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Wednesday, 31 October 2007 10:20:36 AM (GMT+1000) Australia/Brisbane Subject: RE: Configure authentication via LDAP Group membership issue [sec=unclassified]
... _______________________________
The memberUid attribute in a posixgroup is supposed to hold the uid, not the uidNumber. That would make your groupmembership_filter = "(memberUid=%{User-Name})" or more robustly, groupmembership_filter = "(&(memberUid=%{Stripped-User-Name:-%{User-Name}})(objectClass=posixGrou p))"
Regards, Frank Ranner