Reject user by Calling-Station-Id

Alex M freeradius at lrcommunications.net
Sat Feb 7 01:25:53 CET 2009 

yey thats seam to work, but still getting one problem.
So the comp gets bloket regardless of username, but the Reply-message from
the bloked table is not being displayed. So I have "bloked" huntgroup name
and I have SQL group: Deny_Trial that sends Reply-Message + Reject for  all
its members (which works fine if i assign user to that group)

Here is my debug:

rad_recv: Access-Request packet from host xxx.147.xxx.xxx:60365, id=125,
length=138
        NAS-IP-Address = xxx.147.xxx.xxx
        NAS-Identifier = "domain.com"
        User-Name = "alexus"
        User-Password = "xxxxxxxx"
        Service-Type = Login-User
        NAS-Port-Type = Ethernet
        NAS-Port = 1
        Framed-IP-Address = 192.168.1.244
        Called-Station-Id = "00:0d:b9:xx:xx:xx"
        Calling-Station-Id = "00:0b:6a:xx:xx:xx"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_sql (sql): - sql_groupcmp
radius_xlat:  'alexus'
rlm_sql (sql): sql_set_user escaped user --> 'alexus'
radius_xlat:  'SELECT GroupName FROM usergroup WHERE UserName='alexus''
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE
UserName='alexus'
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): - sql_groupcmp finished: User does not belong in group
Deny_Trial
No huntgroup access: [alexus] (from client home_segment port 1 cli
00:0b:6a:xx:xx:xx)
  modcall[authorize]: module "preprocess" returns reject for request 2
modcall: leaving group authorize (returns reject) for request 2
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 125 to xxx.147.xxx.xxx port 60365
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 125 with timestamp 498cd334
Nothing to do.  Sleeping until we see a request.



2009/1/31 <tnt at kalik.net>

> Here is a trick from the old days:
>
> Create a huntgroup like:
>
> blocked   Calling-Station-Id == whatever
>               SQL-Group == "suspend"
>
> Where suspend is the group with Auth-Type := Reject in it. That will blok
> him if he is in suspend group or not (only the message in radius.log
> will be different). It means using huntgroups file and restart for each
> change to it but if it's only 3 users ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> Dana 31/1/2009, "Alex M" <freeradius at lrcommunications.net> piše:
>
> >damn, upgrade will be painfull for me :(
> >I guess I will try to use other means to block missbehaving users. At
> least
> >we got only 3 people who try to free ride.
> >
> >thanks for help
> >
> >2009/1/31 <tnt at kalik.net>
> >
> >> Ah, sql groups don't work properly in 1.x. Upgrade.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 31/1/2009, "Alex M" <freeradius at lrcommunications.net> piše:
> >>
> >> >I guess its different in newer version of radius but in my 1.5 the only
> >> >table that has PRIO is radgroupreply
> >> >
> >> >and there is table radusergroup instead there is a group called
> usergroup.
> >> >
> >> >I'm getting fustrated. :(
> >> >
> >> >On Fri, Jan 30, 2009 at 7:32 PM, <tnt at kalik.net> wrote:
> >> >
> >> >> >Tried that...
> >> >> >now i'm  getting all users rejected regardless of mac address in the
> >> given
> >> >> >group :(
> >> >>
> >> >> That shouldn't happen. Post the debug.
> >> >>
> >> >> >How do i set priorities?
> >> >>
> >> >> You have priority field in radusergroup table.
> >> >>
> >> >> >I though priorities only apply to radreply.
> >> >>
> >> >> There are no priorities in radreply.
> >> >>
> >> >> >
> >> >> >Do I have to set fall through?
> >> >> >
> >> >>
> >> >> No.
> >> >>
> >> >> Ivan Kalik
> >> >> Kalik Informatika ISP
> >> >>
> >> >> -
> >> >> List info/subscribe/unsubscribe? See
> >> >> http://www.freeradius.org/list/users.html
> >> >>
> >> >
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090206/88618122/attachment.html>

More information about the Freeradius-Users mailing list