Reject certificate in use

Rodrigo Prieto rodrigoprieto2019 at gmail.com
Mon Nov 11 20:57:07 UTC 2024


Thanks for responding again. I know that it is not easy to configure any
server in Linux. What I did was create a database and import schema.sql.

    mysql -u radius -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

When the client connects, it writes to the postauth table but when
disconnecting and reconnecting, an error is output from the radcheck table.
I'm stuck at that point. Maybe I have to create my own schema as you told me
and stop using the freeradius schema? Thanks for the patience.

On Mon, Nov 11, 2024 at 08:13, Alan DeKok <
aland at deployingradius.com> wrote:

> On Nov 11, 2024, at 3:40 AM, Rodrigo Prieto <rodrigoprieto2019 at gmail.com> wrote:
> >
> > Thanks for responding. I've been trying but I can't solve it. I am a novice
> > user and there are things that escape me. I appreciate your help.
>
>   FreeRADIUS isn't something where you can hit a button and it does what
> you want.  FreeRADIUS is more like a set of building blocks.  You can build
> anything you want, but you have to put the pieces together yourself.
>
>   You said you wanted to track who is using what certificate.  This means
> using a database.  FreeRADIUS doesn't include its own database.  Instead,
> it connects to any external database like redis, SQL, LDAP, etc.
>
>   You need to write a database schema to store the data you want.  You
> need to write queries to read and write the data.  All of the documentation
> for how to do this is *database* documentation, and not *FreeRADIUS*
> documentation.  So we're not going to explain here how to use SQL, LDAP,
> etc.  You've got to go read that documentation.
>
>   Once you have a schema and queries, you can just add the queries to the
> FreeRADIUS config.
>
>   You then need to decide when / where to run the queries in FreeRADIUS.
> You can usually write down simple explanations as sentences:
>
>         when the user logs in, use the Calling-Station-ID to check the
> database for certificate information
>
>         if it isn't found, let them log in.  And then before the server
> sends an Access-Accept, write the Calling-Station-ID and certificate
> information to the database.
>
>         if the certificate information is found in the database, then
> compare the found information to the certificate.
>
>         if the information doesn't match, reject the user.
>
>   When you write down exactly what you want to do, the problem becomes
> much simpler to solve.  It's not a huge unknown thing.  Instead, it's
> broken down into a series of smaller problems, which are easier to solve.
>
>   Alan DeKok.
>
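
The four-sentence flow in the quoted reply, modelled as an added example (not code from the thread or from FreeRADIUS): an in-memory SQLite database stands in for MySQL, and the `cert_binding` table, its columns and the function names are hypothetical. The certificate "information" is assumed to be the serial number.

```python
import sqlite3

# Hypothetical schema: one row per device, keyed by Calling-Station-Id.
SCHEMA = """
CREATE TABLE cert_binding (
    calling_station_id TEXT PRIMARY KEY,
    cert_serial        TEXT NOT NULL,
    first_seen         TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)"""

def normalize_mac(raw):
    """Canonicalise a Calling-Station-Id so AA-BB-.. and aa:bb:.. match."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def authorize(db, calling_station_id, cert_serial):
    """Return 'accept' or 'reject' following the four steps in the reply."""
    mac = normalize_mac(calling_station_id)
    serial = cert_serial.lower()
    # Both values come from the client, so they are bound as parameters.
    row = db.execute(
        "SELECT cert_serial FROM cert_binding WHERE calling_station_id = ?",
        (mac,)).fetchone()
    if row is None:
        # Not found: let them log in, record the pair before the accept.
        db.execute(
            "INSERT INTO cert_binding (calling_station_id, cert_serial) "
            "VALUES (?, ?)", (mac, serial))
        db.commit()
        return "accept"
    # Found: compare the stored information to the presented certificate.
    return "accept" if row[0] == serial else "reject"

if __name__ == "__main__":
    db = open_db()
    # Constructed sample logins: (Calling-Station-Id, certificate serial).
    for mac, serial in [("AA-BB-CC-DD-EE-01", "0A1B"),
                        ("aa:bb:cc:dd:ee:01", "0a1b"),
                        ("AA-BB-CC-DD-EE-01", "0C2D")]:
        print(mac, serial, authorize(db, mac, serial))
```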


More information about the Freeradius-Users mailing list