Quick enable/disable user account.
2394263740
2394263740 at qq.com
Wed Sep 14 03:33:11 CEST 2011
Christ,
Thanks for your help.
Can you please advise how to configurre a group reject access?
Thanks!
Tom
------------------ Original ------------------
From: "freeradius-users"<freeradius-users-request at lists.freeradius.org>;
Date: Wed, Sep 14, 2011 02:01 AM
To: "freeradius-users"<freeradius-users at lists.freeradius.org>;
Subject: Freeradius-Users Digest, Vol 77, Issue 51
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. RE: Problem with rml_sqlcounter with GigaByte datavolume
(Nicolas FOUREL)
2. Re: Problem with rml_sqlcounter with GigaByte datavolume
(Suman Dash)
3. Re: Best Practices - maximum NAS entries in clients.conf
(Christ Schlacta)
4. Re: Quick enable/disable user account. (Christ Schlacta)
5. Re: Best Practices - maximum NAS entries in clients.conf
(Arran Cudbard-Bell)
----------------------------------------------------------------------
Message: 1
Date: Tue, 13 Sep 2011 18:30:55 +0200
From: "Nicolas FOUREL" <nicolas.fourel at adipsys.com>
Subject: RE: Problem with rml_sqlcounter with GigaByte datavolume
To: "'FreeRadius users mailing list'"
<freeradius-users at lists.freeradius.org>
Message-ID: <4e6f8544.8dc5e30a.148c.558f at mx.google.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi Arran,
I have get version 3.0.0 with 64 bit counters support from Git and installed
it. Unfortunatly, I still have the same problem with my sql counter which
has always "check_item=0" when I put a value bigger than 2^32. On
Access-Request in debug mode, I have the following lines :
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
less than zero
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user foo at bar.com,
check_item=0, counter=68882
Here is my counter definition :
sqlcounter totalinputoctets {
counter-name = Total-Max-Input-Octets
check-name = Max-Input-Octets
reply-name = ChilliSpot-Max-Input-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE
UserName='%{%k}'"
}
I have added "Max-Input-Octets" in the dictionary file like that :
ATTRIBUTE Max-Input-Octets 3001 integer64
In radcheck table:
foo at bar.com Max-Input-Octets :=
107374182400
Did I miss a thing ?
Many thanks
Nicolas
-----Message d'origine-----
De?:
freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius.org
[mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius
.org] De la part de Arran Cudbard-Bell
Envoy??: lundi 12 septembre 2011 11:46
??: FreeRadius users mailing list
Objet?: Re: Problem with rml_sqlcounter with GigaByte datavolume
On 12 Sep 2011, at 10:20, nfourel wrote:
> Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.
Where
> can I find it ?
>
http://git.freeradius.org/
3.x.x is currently in development on the master branch.
-Arran
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
------------------------------
Message: 2
Date: Tue, 13 Sep 2011 23:09:39 +0530
From: Suman Dash <sumandash at gmail.com>
Subject: Re: Problem with rml_sqlcounter with GigaByte datavolume
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<CAOywgS8G==MvAZPs=s18pYsN36mA+xzGScb9e0KvcPELOHFsng at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='username'
Run the above query in mysql and post the result
then post the freeradius log specific to this section.
On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL <nicolas.fourel at adipsys.com
> wrote:
> Hi Arran,
>
> I have get version 3.0.0 with 64 bit counters support from Git and
> installed
> it. Unfortunatly, I still have the same problem with my sql counter which
> has always "check_item=0" when I put a value bigger than 2^32. On
> Access-Request in debug mode, I have the following lines :
>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
> less than zero
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user
> foo at bar.com,
> check_item=0, counter=68882
>
> Here is my counter definition :
> sqlcounter totalinputoctets {
> counter-name = Total-Max-Input-Octets
> check-name = Max-Input-Octets
> reply-name = ChilliSpot-Max-Input-Octets
> sqlmod-inst = sql
> key = User-Name
> reset = never
> query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE
> UserName='%{%k}'"
> }
>
> I have added "Max-Input-Octets" in the dictionary file like that :
> ATTRIBUTE Max-Input-Octets 3001 integer64
>
> In radcheck table:
> foo at bar.com Max-Input-Octets :=
> 107374182400
>
>
> Did I miss a thing ?
>
> Many thanks
>
> Nicolas
>
> -----Message d'origine-----
> De :
> freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+nicolas.fourel
> =adipsys.com at lists.freeradius
> .org] De la part de Arran Cudbard-Bell
> Envoy? : lundi 12 septembre 2011 11:46
> ? : FreeRadius users mailing list
> Objet : Re: Problem with rml_sqlcounter with GigaByte datavolume
>
>
> On 12 Sep 2011, at 10:20, nfourel wrote:
>
> > Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.
> Where
> > can I find it ?
> >
>
> http://git.freeradius.org/
>
> 3.x.x is currently in development on the master branch.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/59e78c63/attachment.html>
------------------------------
Message: 3
Date: Tue, 13 Sep 2011 10:39:48 -0700
From: Christ Schlacta <lists at aarcane.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: freeradius-users at lists.freeradius.org
Message-ID: <4E6F9564.1070103 at aarcane.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 9/13/2011 00:59, Fajar A. Nugraha wrote:
> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers at imperial.ac.uk> wrote:
>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:
>>> If I understand raddb/sites-available/dynamic-clients correctly, the
>>> only way to store (well, to retrieve actualy) dynamic clients
>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make
>>> it have some level of redundancy? Last time I check, "%{sql:" can't be
>>> used on "virtual" modules (from instantiate or policy section) which
>>> groups multiple sql instance together using "redundant".
>>>
>> You could also use "exec", rlm_perl/python or whatever, all of which can
>> themselves call SQL.
> possible, though not ideal.
>
>> Or, perform an SQL query that MUST return some output, parse the results and
>> call the individual SQL modules directly - like so:
>>
>> update control {
>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"
>> }
>> if (control:Tmp-String-0 == "") {
>> update control {
>> Tmp-String-0 := "%{sql2:...}"
>> }
>> }
> That's what we currently do (for another purpose, not for dynamic
> client). However:
> - I lost load-balancing feature that comes with redundant-load-balance
> - imagine having to create 8 if-elsif block to properly catch error
> when working with 8 sql nodes, and write the same sql query 8 times in
> the configuration file. Works, but kinda messy.
>
> With current sql module (that only reads nas list from sql during
> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and
> have each sql instance $INCLUDE it. If we can do similar thing with
> "%{sql:" expansion (e.g. store the query in some temporary internal
> variable/attribute) it'd be reduce the measiness greatly, but I
> haven't found out how to do it yet.
>
why not make an arbitrary program that takes the SQL statement as an
argument, and returns from the first successful connection. it can take
a random number between 0 and n-1 on the number of SQL servers you have,
and start connecting from there. you get failover and round-robin load
balancing with the convenience of only having to write your query and
your series of if-else-if statements once.
------------------------------
Message: 4
Date: Tue, 13 Sep 2011 10:46:21 -0700
From: Christ Schlacta <lists at aarcane.org>
Subject: Re: Quick enable/disable user account.
To: freeradius-users at lists.freeradius.org
Message-ID: <4E6F96ED.6080307 at aarcane.org>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
On 9/13/2011 08:32, 2394263740 wrote:
>
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> Sometime, I need disable a user account in mysql database. And then
> enable it later on after some check complete.
>
> Can you please advise how to toggle such status?
>
> There're may be multiple solutions, please advise them all, so I can
> choose a one most fit the needs.
>
> Thanks!
>
> Tom
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
read up on mysql groups, then use a group that's configured to reject
access. add and delete members from that group as needed to disable and
re-enable their account. that's what groups are there for.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/5fec63c0/attachment.html>
------------------------------
Message: 5
Date: Tue, 13 Sep 2011 20:01:14 +0200
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <97DF6DE5-5FDB-416C-A528-FDC68A1D4274 at freeradius.org>
Content-Type: text/plain; charset=us-ascii
On 13 Sep 2011, at 19:39, Christ Schlacta wrote:
> On 9/13/2011 00:59, Fajar A. Nugraha wrote:
>> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers at imperial.ac.uk> wrote:
>>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:
>>>> If I understand raddb/sites-available/dynamic-clients correctly, the
>>>> only way to store (well, to retrieve actualy) dynamic clients
>>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make
>>>> it have some level of redundancy? Last time I check, "%{sql:" can't be
>>>> used on "virtual" modules (from instantiate or policy section) which
>>>> groups multiple sql instance together using "redundant".
>>>>
>>> You could also use "exec", rlm_perl/python or whatever, all of which can
>>> themselves call SQL.
>> possible, though not ideal.
>>
>>> Or, perform an SQL query that MUST return some output, parse the results and
>>> call the individual SQL modules directly - like so:
>>>
>>> update control {
>>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"
>>> }
>>> if (control:Tmp-String-0 == "") {
>>> update control {
>>> Tmp-String-0 := "%{sql2:...}"
>>> }
>>> }
>> That's what we currently do (for another purpose, not for dynamic
>> client). However:
>> - I lost load-balancing feature that comes with redundant-load-balance
>> - imagine having to create 8 if-elsif block to properly catch error
>> when working with 8 sql nodes, and write the same sql query 8 times in
>> the configuration file. Works, but kinda messy.
>>
>> With current sql module (that only reads nas list from sql during
>> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and
>> have each sql instance $INCLUDE it. If we can do similar thing with
>> "%{sql:" expansion (e.g. store the query in some temporary internal
>> variable/attribute) it'd be reduce the measiness greatly, but I
>> haven't found out how to do it yet.
>>
> why not make an arbitrary program that takes the SQL statement as an argument, and returns from the first successful connection. it can take a random number between 0 and n-1 on the number of SQL servers you have, and start connecting from there. you get failover and round-robin load balancing with the convenience of only having to write your query and your series of if-else-if statements once.
Calling out to anything outside of FreeRADIUS comes with a big performance penalty.
I do sometimes wonder whether 'update config' would be useful as an interim hack for some of this stuff.
-Arran
Arran Cudbard-Bell
a.cudbardb at freeradius.org
RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 77, Issue 51
************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110914/2143f566/attachment.html>
More information about the Freeradius-Users
mailing list