Quick enable/disable user account.

2394263740 2394263740 at qq.com
Wed Sep 14 03:33:11 CEST 2011


Christ,
  
 Thanks for your help.
  
 Can you please advise how to configurre a group reject access?
  
 Thanks!
  
 Tom
   
  
  ------------------ Original ------------------
  From:  "freeradius-users"<freeradius-users-request at lists.freeradius.org>;
 Date:  Wed, Sep 14, 2011 02:01 AM
 To:  "freeradius-users"<freeradius-users at lists.freeradius.org>; 
 
 Subject:  Freeradius-Users Digest, Vol 77, Issue 51

  
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. RE: Problem with rml_sqlcounter with GigaByte datavolume
      (Nicolas FOUREL)
   2. Re: Problem with rml_sqlcounter with GigaByte datavolume
      (Suman Dash)
   3. Re: Best Practices - maximum NAS entries in clients.conf
      (Christ Schlacta)
   4. Re: Quick enable/disable user account. (Christ Schlacta)
   5. Re: Best Practices - maximum NAS entries in clients.conf
      (Arran Cudbard-Bell)


----------------------------------------------------------------------

Message: 1
Date: Tue, 13 Sep 2011 18:30:55 +0200
From: "Nicolas FOUREL" <nicolas.fourel at adipsys.com>
Subject: RE: Problem with rml_sqlcounter with GigaByte datavolume
To: "'FreeRadius users mailing list'"
<freeradius-users at lists.freeradius.org>
Message-ID: <4e6f8544.8dc5e30a.148c.558f at mx.google.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Arran,

I have get version 3.0.0 with 64 bit counters support from Git and installed
it. Unfortunatly, I still have the same problem with my sql counter which
has always "check_item=0" when I put a value bigger than 2^32. On
Access-Request in debug mode, I have the following lines : 

Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
less than zero
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user foo at bar.com,
check_item=0, counter=68882

Here is my counter definition :
sqlcounter totalinputoctets {
        counter-name = Total-Max-Input-Octets
        check-name = Max-Input-Octets
        reply-name = ChilliSpot-Max-Input-Octets
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE
UserName='%{%k}'"
}

I have added "Max-Input-Octets" in the dictionary file like that :
ATTRIBUTE       Max-Input-Octets        3001    integer64

In radcheck table:
foo at bar.com Max-Input-Octets :=
107374182400


Did I miss a thing ?

Many thanks

Nicolas

-----Message d'origine-----
De?:
freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius.org
[mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius
.org] De la part de Arran Cudbard-Bell
Envoy??: lundi 12 septembre 2011 11:46
??: FreeRadius users mailing list
Objet?: Re: Problem with rml_sqlcounter with GigaByte datavolume


On 12 Sep 2011, at 10:20, nfourel wrote:

> Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.
Where
> can I find it ?
> 

http://git.freeradius.org/

3.x.x is currently in development on the master branch.

-Arran

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




------------------------------

Message: 2
Date: Tue, 13 Sep 2011 23:09:39 +0530
From: Suman Dash <sumandash at gmail.com>
Subject: Re: Problem with rml_sqlcounter with GigaByte datavolume
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<CAOywgS8G==MvAZPs=s18pYsN36mA+xzGScb9e0KvcPELOHFsng at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

SELECT SUM(AcctInputOctets) FROM radacct WHERE  UserName='username'

Run the above query in mysql and post the result

then post the freeradius log specific to this section.

On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL <nicolas.fourel at adipsys.com
> wrote:

> Hi Arran,
>
> I have get version 3.0.0 with 64 bit counters support from Git and
> installed
> it. Unfortunatly, I still have the same problem with my sql counter which
> has always "check_item=0" when I put a value bigger than 2^32. On
> Access-Request in debug mode, I have the following lines :
>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
> less than zero
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user
> foo at bar.com,
> check_item=0, counter=68882
>
> Here is my counter definition :
> sqlcounter totalinputoctets {
>        counter-name = Total-Max-Input-Octets
>        check-name = Max-Input-Octets
>        reply-name = ChilliSpot-Max-Input-Octets
>        sqlmod-inst = sql
>        key = User-Name
>        reset = never
>        query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE
> UserName='%{%k}'"
> }
>
> I have added "Max-Input-Octets" in the dictionary file like that :
> ATTRIBUTE       Max-Input-Octets        3001    integer64
>
> In radcheck table:
> foo at bar.com                     Max-Input-Octets                :=
> 107374182400
>
>
> Did I miss a thing ?
>
> Many thanks
>
> Nicolas
>
> -----Message d'origine-----
> De :
> freeradius-users-bounces+nicolas.fourel=adipsys.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+nicolas.fourel
> =adipsys.com at lists.freeradius
> .org] De la part de Arran Cudbard-Bell
> Envoy? : lundi 12 septembre 2011 11:46
> ? : FreeRadius users mailing list
> Objet : Re: Problem with rml_sqlcounter with GigaByte datavolume
>
>
> On 12 Sep 2011, at 10:20, nfourel wrote:
>
> > Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.
> Where
> > can I find it ?
> >
>
> http://git.freeradius.org/
>
> 3.x.x is currently in development on the master branch.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/59e78c63/attachment.html>

------------------------------

Message: 3
Date: Tue, 13 Sep 2011 10:39:48 -0700
From: Christ Schlacta <lists at aarcane.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: freeradius-users at lists.freeradius.org
Message-ID: <4E6F9564.1070103 at aarcane.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 9/13/2011 00:59, Fajar A. Nugraha wrote:
> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers at imperial.ac.uk>  wrote:
>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:
>>> If I understand raddb/sites-available/dynamic-clients correctly, the
>>> only way to store (well, to retrieve actualy) dynamic clients
>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make
>>> it have some level of redundancy? Last time I check, "%{sql:" can't be
>>> used on "virtual" modules (from instantiate or policy section) which
>>> groups multiple sql instance together using "redundant".
>>>
>> You could also use "exec", rlm_perl/python or whatever, all of which can
>> themselves call SQL.
> possible, though not ideal.
>
>> Or, perform an SQL query that MUST return some output, parse the results and
>> call the individual SQL modules directly - like so:
>>
>> update control {
>>   Tmp-String-0 := "%{sql1:select name||','||secret ...}"
>> }
>> if (control:Tmp-String-0 == "") {
>>   update control {
>>     Tmp-String-0 := "%{sql2:...}"
>>   }
>> }
> That's what we currently do (for another purpose, not for dynamic
> client). However:
> - I lost load-balancing feature that comes with redundant-load-balance
> - imagine having to create 8 if-elsif block to properly catch error
> when working with 8 sql nodes, and write the same sql query 8 times in
> the configuration file. Works, but kinda messy.
>
> With current sql module (that only reads nas list from sql during
> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and
> have each sql instance $INCLUDE it. If we can do similar thing with
> "%{sql:" expansion (e.g. store the query in some temporary internal
> variable/attribute) it'd be reduce the measiness greatly, but I
> haven't found out how to do it yet.
>
why not make an arbitrary program that takes the SQL statement as an 
argument, and returns from the first successful connection.  it can take 
a random number between 0 and n-1 on the number of SQL servers you have, 
and start connecting from there.  you get failover and round-robin load 
balancing with the convenience of only having to write your query and 
your series of if-else-if statements once.


------------------------------

Message: 4
Date: Tue, 13 Sep 2011 10:46:21 -0700
From: Christ Schlacta <lists at aarcane.org>
Subject: Re: Quick enable/disable user account.
To: freeradius-users at lists.freeradius.org
Message-ID: <4E6F96ED.6080307 at aarcane.org>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On 9/13/2011 08:32, 2394263740 wrote:
>
> Hello,
> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.
> OS: Linux Enterprise Server 6.1
> Radius: free radius server 2.1.11
> Database: Mysql
>
> Sometime, I need disable a user account in mysql database. And then 
> enable it later on after some check complete.
>
> Can you please advise how to toggle such status?
>
> There're may be multiple solutions, please advise them all, so I can 
> choose a one most fit the needs.
>
> Thanks!
>
> Tom
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
read up on mysql groups, then use a group that's configured to reject 
access.  add and delete members from that group as needed to disable and 
re-enable their account.  that's what groups are there for.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/5fec63c0/attachment.html>

------------------------------

Message: 5
Date: Tue, 13 Sep 2011 20:01:14 +0200
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Subject: Re: Best Practices - maximum NAS entries in clients.conf
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <97DF6DE5-5FDB-416C-A528-FDC68A1D4274 at freeradius.org>
Content-Type: text/plain; charset=us-ascii


On 13 Sep 2011, at 19:39, Christ Schlacta wrote:

> On 9/13/2011 00:59, Fajar A. Nugraha wrote:
>> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers at imperial.ac.uk>  wrote:
>>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:
>>>> If I understand raddb/sites-available/dynamic-clients correctly, the
>>>> only way to store (well, to retrieve actualy) dynamic clients
>>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make
>>>> it have some level of redundancy? Last time I check, "%{sql:" can't be
>>>> used on "virtual" modules (from instantiate or policy section) which
>>>> groups multiple sql instance together using "redundant".
>>>> 
>>> You could also use "exec", rlm_perl/python or whatever, all of which can
>>> themselves call SQL.
>> possible, though not ideal.
>> 
>>> Or, perform an SQL query that MUST return some output, parse the results and
>>> call the individual SQL modules directly - like so:
>>> 
>>> update control {
>>>  Tmp-String-0 := "%{sql1:select name||','||secret ...}"
>>> }
>>> if (control:Tmp-String-0 == "") {
>>>  update control {
>>>    Tmp-String-0 := "%{sql2:...}"
>>>  }
>>> }
>> That's what we currently do (for another purpose, not for dynamic
>> client). However:
>> - I lost load-balancing feature that comes with redundant-load-balance
>> - imagine having to create 8 if-elsif block to properly catch error
>> when working with 8 sql nodes, and write the same sql query 8 times in
>> the configuration file. Works, but kinda messy.
>> 
>> With current sql module (that only reads nas list from sql during
>> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and
>> have each sql instance $INCLUDE it. If we can do similar thing with
>> "%{sql:" expansion (e.g. store the query in some temporary internal
>> variable/attribute) it'd be reduce the measiness greatly, but I
>> haven't found out how to do it yet.
>> 
> why not make an arbitrary program that takes the SQL statement as an argument, and returns from the first successful connection.  it can take a random number between 0 and n-1 on the number of SQL servers you have, and start connecting from there.  you get failover and round-robin load balancing with the convenience of only having to write your query and your series of if-else-if statements once.

Calling out to anything outside of FreeRADIUS comes with a big performance penalty.

I do sometimes wonder whether 'update config' would be useful as an interim hack for some of this stuff.

-Arran

Arran Cudbard-Bell
a.cudbardb at freeradius.org

RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.




------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 77, Issue 51
************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110914/2143f566/attachment.html>


More information about the Freeradius-Users mailing list