Freeradius-Users Digest, Vol 55, Issue 113

Peter Carlstedt pc_007 at hotmail.com
Wed Nov 25 13:58:54 CET 2009



> Message: 2
> Date: Tue, 24 Nov 2009 19:35:17 -0000 (UTC)
> From: tnt at kalik.net
> Subject: Re: The MySQL databases for Freeradius
> To: "FreeRadius users mailing list"
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <64909.87.194.16.13.1259091317.squirrel at www.kalik.net>
> Content-Type: text/plain;charset=iso-8859-1
> 
> > I am sitting here trying to figure out how FreeRadius works towards MySQL.
> >
> > The database "radcheck" is for a single user if I have understood it
> > correctly.
> >
> > What I want to do is that through MS Access make a form where I can add
> > several attributes to the same row in the table.
> >
> > But since radcheck only seems to work with one attribute per row for one
> > user I don't really know how to do.
> 
> You *can* have multiple entries (rows) for each user. You don't have to
> cram everything into a single row.

Okay, but I don't think it makes any sense that you have multiple inputs of the same user in a table?
Say for example that you have like 200 different users and every user has to have like 3 different attributes. The table would get extremely large.
What I want to do is to link a user to a specific group through MySQL and in that way start up the segmentation. So depending on what group you are a member of, you get into different VLANs etc. That's why I hoped that I could use "radusergroup" to link a user to a group and then in "radgroupcheck" add group-specific attributes like NAS-Port-Ids or Called-Station-Ids and in that way be able to do a segmentation on SSID or WLAN.
> 
> > What I mean is that if I have a user called "test-user" and want to have
> > two attributes for that user, in this case "Cleartext-Password" &
> > "NAS-Port-Id" I need to have two rows for that user.
> 
> Yes, you do.
> 
> > radcheck:
> >
> > ------------------------------------------------------
> >
> > |id|username   |attribute              |op |value             |
> >
> > |1 |user-test   |Cleartext-Password|== |test-pass       |
> 
> That should be :=.
> 
> > |2 |user-test   |NAS-Port-Id          |== |raket             |
> >
> > -------------------------------------------------------
> >
> > The reason I want to make a form is because I want others than me being
> > able to add new users and have them connected to the correct group which
> > then will have a separate VLAN and SSID.
> 
> The form you generate with MS Access will put data into - MS Access
> backend. You can't connect that form to MySQL. If you are a fan of Windows
> use Windows (ASP.NET) forms or webforms which can place data into MySQL.

I have actually been able to make changes to the MySQL table by using MS Access and ODBC.
But I have had some problems making a form that works towards radcheck though.
I'm not really a Windows fan, but I need a backend that restricts the admins from messing up the Freeradius server.
What I need is a GUI where you can search for a specific group and add a new user or edit a user in that group.
I really don't want to see a list of all the users there are and then have to search through 200 users to find the one I wish to edit.
So is it possible with dialupadmin to add a user and link that user to a group so you can only list that group's users?
Also, is it possible in any way to make group-specific attributes so I won't have to add SSID restrictions on user level?

I have seen in the source of Freeradius that dialup admin comes with it. I've started to think about testing it.
So do I need to build dialupadmin in the same way I did with OpenSSL and FreeRadius or did it get installed at the same time as I installed Freeradius?
Also, is there anywhere I can read about how to link dialup admin to MySQL etc.?
> 
> Freeradius comes with its own admin GUI - dialup admin. There are also
> outside projects like daloRadius. Or you can make your own using things
> like PHP.
> 
> > So then I thought that if I use the table called "radusergroup" and link
> > the user to a specific group it should work in a way that all members of
> > this group may only connect to the network if they try to connect to the
> > correct SSID. It seems that did not work either.
> 
> No, it will not work. Groups in sql emulate DEFAULT entries in users file
> - if check doesn't match, replies are ignored - user is not rejected.
> 
> > I am at a loss here and
> > don't really know what I should do.
> 
> If you want user to get rejected if SSID doesn't match, you will need to
> make it an entry in radcheck table. As long as the password is there too
> user will be rejected.
> 
> Ivan Kalik

Thank you for your time.

Best regards/ Peter Carlstedt
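
The table layout discussed in this thread, as an added example that is not part of the original messages or of the FreeRADIUS distribution: per-user check rows in radcheck, group membership in radusergroup, VLAN assignment in radgroupreply, a group-scoped listing for an admin form, and an audit query for members who have no per-user NAS-Port-Id restriction. Table and column names assume the default FreeRADIUS MySQL schema; the group name `staff-wlan` and VLAN id `20` are constructed.

```sql
-- Added example. Assumes the default FreeRADIUS MySQL schema;
-- 'staff-wlan' and VLAN 20 are constructed sample values.
START TRANSACTION;

-- One row per attribute for the same user. The password uses := as
-- corrected in the reply; NAS-Port-Id uses == so it acts as a check
-- item: because it sits in radcheck next to the password, a mismatch
-- rejects the user.
INSERT INTO radcheck (username, attribute, op, value) VALUES
  ('user-test', 'Cleartext-Password', ':=', 'test-pass'),
  ('user-test', 'NAS-Port-Id',        '==', 'raket');

-- Link the user to a group.
INSERT INTO radusergroup (username, groupname, priority) VALUES
  ('user-test', 'staff-wlan', 1);

-- Group-level reply items: every member is placed in the same VLAN.
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES
  ('staff-wlan', 'Tunnel-Type',             ':=', 'VLAN'),
  ('staff-wlan', 'Tunnel-Medium-Type',      ':=', 'IEEE-802'),
  ('staff-wlan', 'Tunnel-Private-Group-Id', ':=', '20');

COMMIT;

-- Admin form: list only one group's users and their check items,
-- leaving the password rows out of the result set.
SELECT g.username, c.attribute, c.op, c.value
FROM radusergroup AS g
LEFT JOIN radcheck AS c
       ON c.username = g.username
      AND c.attribute <> 'Cleartext-Password'
WHERE g.groupname = 'staff-wlan'
ORDER BY g.username, c.attribute;

-- Audit: group members with no NAS-Port-Id row in radcheck. A group
-- check that fails only skips the group's replies, so these users
-- would still authenticate from any port.
SELECT g.username
FROM radusergroup AS g
WHERE g.groupname = 'staff-wlan'
  AND NOT EXISTS (
        SELECT 1 FROM radcheck AS c
        WHERE c.username = g.username
          AND c.attribute = 'NAS-Port-Id');
```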