Regards, Tom
Thomas Meggs wrote:
Hi,
I've been trying to implement your suggestion, but it appears SQL has a default deny authorization. I tried creating a DEFAULT user in SQL as a member of the ALLOW group, and then I gave the ALLOW group an AuthType := LDAP. Still no go. Any suggestions or ideas on things that I'm missing? I also tried setting query_on_not_found = yes.
Thanks for any help.
Regards, Tom
João Filipe Frade wrote:
Yes, that should work.
Put the sql entry before the ldap entry in the "authorize" section.
In the sql database you just need to configure 2 tables:
- Usergroup - say that a specific username belongs to a group (e.g. username, BLACKLIST)
- Radgroupcheck - set up BLACKLIST group auth to always fail (e.g. BLACKLIST, Auth-Type, :=, Reject)
Bye,
Joao Frade
-----Original Message-----
From: Thomas Meggs [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 11 June 2003 6:29
To: [EMAIL PROTECTED]
Subject: user blacklist
Hi,
I have FreeRADIUS set up to authenticate directly against LDAP. However, I need to set up a blacklist of users while at the same time keeping my hands entirely off of the LDAP server.
I am able to implement something of a blacklist by adding the user to the users file and setting their account to be rejected, however this solution isn't ideal as it appears that radiusd has to be reset in order for the users file to be re-read. Please correct me if I'm wrong.
So at any rate, I was wondering if there was any way I could stack where users are called from, say perhaps have it query SQL first, and then if the user isn't there have it query LDAP. That way I can have my blacklisted users sitting inside SQL ready to go.
I'm guessing implementing checking SQL first and LDAP second may be possible via PAM, but I would really rather not go that route. As an alternative to PAM I suppose I could just populate SQL from LDAP.
At any rate, any suggestions on this will be greatly appreciated. Thanks!
Regards, Tom
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________ This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient or a person responsible for delivering this transmission to the intended recipient, you are hereby notified that you must not read this transmission and that any disclosure, copying, printing, distribution or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner.
___________________________________________________________
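The two-table blacklist described in the thread, as an added example that is not part of the original messages: it manages BLACKLIST membership as database rows and shows which check items a user inherits from the group. SQLite stands in for the real SQL server, and the column names and the helper functions (`open_db`, `blacklist`, `unblacklist`, `group_check_items`) are assumptions for illustration; check them against your server's SQL schema.

```python
import sqlite3

# Assumed minimal schema for the two tables named in the thread; column
# names are illustrative, not taken from the messages.
SCHEMA = """
CREATE TABLE usergroup (username TEXT NOT NULL, groupname TEXT NOT NULL,
                        UNIQUE (username, groupname));
CREATE TABLE radgroupcheck (groupname TEXT NOT NULL, attribute TEXT NOT NULL,
                            op TEXT NOT NULL, value TEXT NOT NULL);
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    # One-time setup: every member of BLACKLIST gets Auth-Type := Reject.
    conn.execute("INSERT INTO radgroupcheck VALUES (?, ?, ?, ?)",
                 ("BLACKLIST", "Auth-Type", ":=", "Reject"))
    conn.commit()
    return conn

def blacklist(conn, username):
    """Add a user to BLACKLIST; idempotent thanks to the UNIQUE constraint."""
    conn.execute("INSERT OR IGNORE INTO usergroup VALUES (?, 'BLACKLIST')",
                 (username,))
    conn.commit()

def unblacklist(conn, username):
    """Remove a user from BLACKLIST; returns True if a row was deleted."""
    cur = conn.execute("DELETE FROM usergroup WHERE username = ? "
                       "AND groupname = 'BLACKLIST'", (username,))
    conn.commit()
    return cur.rowcount > 0

def group_check_items(conn, username):
    """Check items a user inherits through group membership (the join the
    two tables imply). Parameterized, so odd usernames cannot alter the SQL."""
    return conn.execute(
        "SELECT c.attribute, c.op, c.value FROM usergroup g "
        "JOIN radgroupcheck c ON c.groupname = g.groupname "
        "WHERE g.username = ? ORDER BY c.attribute", (username,)).fetchall()

if __name__ == "__main__":
    db = open_db()
    blacklist(db, "mallory")          # constructed sample usernames
    for user in ("mallory", "alice"):
        print(user, group_check_items(db, user))
```

Because the blacklist is a row in `usergroup`, adding or removing a user is a single statement against the database and leaves the LDAP directory untouched.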
