Rlm_sql in freeradius-1.1.7
orion
meshkruaj at gmail.com
Thu Jan 17 19:53:13 CET 2008
pershendetje/Hi dashamir.
sorry for my english , not my mother language.
i use the same scenario at our isp but we
check the MAC address of the NAS where the client comes from.
In mysql we have:
+----+----------+--------------------+----+--------------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+--------------+
| 1 | orion | Calling-Station-Id | == | 001bd136e285 |
| 2 | orioni | Cleartext-Password | := | test |
| 3 | orioni | Simultaneous-Use | := | 2 |
+----+----------+--------------------+----+--------------+
shnet e pare / bye.
On 17/01/2008, Dashamir Hoxha <dhoxha at albaniaonline.net> wrote:
>
> Hi,
>
> Actually, what I am trying to do is this:
> I have several access points that have hotspot
> and use radius for AAA. I would like to register
> users in radius so that they are able to login
> using some of the access points, and not able to
> login using the others.
>
> The way that I was trying to do it is like this:
> Suppose that there are the access points A1, A2, A3
> and the user 'test' should be able to access the
> internet only from A1 and A3. The data in radius
> that would make this scenario work, could be like this:
>
> radcheck:
> +------+----------+------------------+----+-------+
> | id | UserName | Attribute | op | Value |
> +------+----------+------------------+----+-------+
> | 5272 | test | User-Password | := | test |
> | 5262 | test | Simultaneous-Use | := | 5 |
> +------+----------+------------------+----+-------+
>
> radreply:
> +----+----------+---------------+----+----------+
> | id | UserName | Attribute | op | Value |
> +----+----------+---------------+----+----------+
> | 42 | test | Auth-Type | := | Reject |
> | 43 | test | Fall-Through | := | Yes |
> +----+----------+---------------+----+----------+
>
> usergroup:
> +----------+-----------+----------+
> | UserName | GroupName | priority |
> +----------+-----------+----------+
> | test | A1 | 1 |
> | test | A2 | 1 |
> | test | A3 | 1 |
> +----------+-----------+----------+
>
> radgroupcheck:
> +----+-----------+----------------+----+-------+
> | id | GroupName | Attribute | op | Value |
> +----+-----------+----------------+----+-------+
> | 42 | A1 | NAS-Identifier | == | ID-A1 |
> | 43 | A2 | NAS-Identifier | == | ID-A2 |
> | 44 | A2 | NAS-Identifier | == | ID-A3 |
> +----+-----------+----------------+----+-------+
>
> radgroupreply:
> +----+-----------+---------------+----+--------+
> | id | GroupName | Attribute | op | Value |
> +----+-----------+---------------+----+--------+
> | 52 | A1 | Auth-Type | := | Accept |
> | 53 | A1 | Fall-Through | := | No |
> | 54 | A2 | Auth-Type | := | Reject |
> | 55 | A2 | Fall-Through | := | Yes |
> | 56 | A3 | Auth-Type | := | Accept |
> | 57 | A3 | Fall-Through | := | No |
> +----+-----------+---------------+----+--------+
>
> However, if the radius does not follow the algorithm
> described in http://wiki.freeradius.org/Rlm_sql,
> then this setup should not work.
>
> Do you have any suggestion or idea on how to make the
> scenario above work?
>
> Regards,
> Dashamir
>
>
> Dashamir Hoxha wrote:
> > I have installed freeradius-1.1.7 in fedora8. However I find that the
> > module
> > rlm_sql does not work as described in this page:
> > http://wiki.freeradius.org/Rlm_sql
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080117/228fbe2f/attachment.html>
More information about the Freeradius-Users
mailing list