Reject user by Calling-Station-Id
Alex M
freeradius at lrcommunications.net
Sat Feb 7 01:25:53 CET 2009
yey thats seam to work, but still getting one problem.
So the comp gets bloket regardless of username, but the Reply-message from
the bloked table is not being displayed. So I have "bloked" huntgroup name
and I have SQL group: Deny_Trial that sends Reply-Message + Reject for all
its members (which works fine if i assign user to that group)
Here is my debug:
rad_recv: Access-Request packet from host xxx.147.xxx.xxx:60365, id=125,
length=138
NAS-IP-Address = xxx.147.xxx.xxx
NAS-Identifier = "domain.com"
User-Name = "alexus"
User-Password = "xxxxxxxx"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 1
Framed-IP-Address = 192.168.1.244
Called-Station-Id = "00:0d:b9:xx:xx:xx"
Calling-Station-Id = "00:0b:6a:xx:xx:xx"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_sql (sql): - sql_groupcmp
radius_xlat: 'alexus'
rlm_sql (sql): sql_set_user escaped user --> 'alexus'
radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='alexus''
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='alexus'
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
Deny_Trial
No huntgroup access: [alexus] (from client home_segment port 1 cli
00:0b:6a:xx:xx:xx)
modcall[authorize]: module "preprocess" returns reject for request 2
modcall: leaving group authorize (returns reject) for request 2
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 125 to xxx.147.xxx.xxx port 60365
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 125 with timestamp 498cd334
Nothing to do. Sleeping until we see a request.
2009/1/31 <tnt at kalik.net>
> Here is a trick from the old days:
>
> Create a huntgroup like:
>
> blocked Calling-Station-Id == whatever
> SQL-Group == "suspend"
>
> Where suspend is the group with Auth-Type := Reject in it. That will blok
> him if he is in suspend group or not (only the message in radius.log
> will be different). It means using huntgroups file and restart for each
> change to it but if it's only 3 users ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> Dana 31/1/2009, "Alex M" <freeradius at lrcommunications.net> piše:
>
> >damn, upgrade will be painfull for me :(
> >I guess I will try to use other means to block missbehaving users. At
> least
> >we got only 3 people who try to free ride.
> >
> >thanks for help
> >
> >2009/1/31 <tnt at kalik.net>
> >
> >> Ah, sql groups don't work properly in 1.x. Upgrade.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 31/1/2009, "Alex M" <freeradius at lrcommunications.net> piše:
> >>
> >> >I guess its different in newer version of radius but in my 1.5 the only
> >> >table that has PRIO is radgroupreply
> >> >
> >> >and there is table radusergroup instead there is a group called
> usergroup.
> >> >
> >> >I'm getting fustrated. :(
> >> >
> >> >On Fri, Jan 30, 2009 at 7:32 PM, <tnt at kalik.net> wrote:
> >> >
> >> >> >Tried that...
> >> >> >now i'm getting all users rejected regardless of mac address in the
> >> given
> >> >> >group :(
> >> >>
> >> >> That shouldn't happen. Post the debug.
> >> >>
> >> >> >How do i set priorities?
> >> >>
> >> >> You have priority field in radusergroup table.
> >> >>
> >> >> >I though priorities only apply to radreply.
> >> >>
> >> >> There are no priorities in radreply.
> >> >>
> >> >> >
> >> >> >Do I have to set fall through?
> >> >> >
> >> >>
> >> >> No.
> >> >>
> >> >> Ivan Kalik
> >> >> Kalik Informatika ISP
> >> >>
> >> >> -
> >> >> List info/subscribe/unsubscribe? See
> >> >> http://www.freeradius.org/list/users.html
> >> >>
> >> >
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090206/88618122/attachment.html>
More information about the Freeradius-Users
mailing list