Re: Authenticate all, based on NAS IP Addr ?

Sun, 30 Nov 2003 17:15:34 -0800 

Oliver & Kostas, thank you for your advise, the combined files/sql was
succesfull, I only added one line into users files and everything is OK.

(DEFAULT NAS-IP-Address == 1.2.3.4, Auth-Type := Accept)

Thanks,
Kevork.




----- Original Message ----- 
From: "ZORBADELOS KONSTANTINOS" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Kevork" <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 10:30 AM
Subject: Re: Authenticate all, based on NAS IP Addr ?


> At Wed, 26 Nov 2003 09:24:15 -0300,
> Kevork wrote:
> >
> > > On Wed, Nov 26, 2003 at 02:48:53AM -0300, [EMAIL PROTECTED]
wrote:
> > > > Please, some one can giveme some idea about how get freeradius
> > authenticate
> > > > any request that comes from an specified NAS-IP ?.
> > >
> > > This
> > >   NAS-IP-Address == 1.2.3.4
> > >   Auth-Type      := Accept
> > > should do as radcheck.
> > >
> > > Oliver.
> > >
> > Oliver, thank you !,  I tried this on table radchek, for user "DEFAULT"
but
> > no success,
> > also tried creating a group for the user DEFAULT, and setting those A/V
on
> > radgroupcheck, and none ....
> >
> > This is from radius -X, I am sure that may help ... but I can not get
where
> > I have the problem:
> >
> > modcall: entering group authorize
> >   modcall[authorize]: module "preprocess" returns ok
> > radius_xlat:  'tk'
> > sql_set_user:  escaped user --> 'tk'
> > radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> > Username = 'tk' ORDER BY id'
> > rlm_sql: Reserving sql socket id: 4
> > rlm_sql: User tk not found
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> As you can see your sql query returns no records for this username.
> One configuration that can work is:
> in the users file put
>
> DEFAULT NAS-IP-Address == 1.2.3.4, Auth-Type := Accept
> DEFAULT Autz-Type := SQL1
>
> in this order. Then in radiusd.conf in the authorize section
> do
>
> authorize {
> ....
>
>         Autz-Type SQL1{
>                 sql1
>         }
>
>
>         #
>         #  Read the 'users' file
>         files
> ....
> }
>
>
> Finally in the sql.conf
>
> sql sql1 {
> ....
>         # Database type
>         # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
>         # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
>         driver = "rlm_sql_oracle"
> ....
> }
>
> In this senario every user coming from NAS 1.2.3.4 will be accepted
> and for the rest the sql authorization will take place.
>
> > radius_xlat:  'SELECT
> >
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
> > ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> > usergroup.Username = 'tk' AND usergroup.GroupName =
radgroupcheck.GroupName
> > ORDER BY radgroupcheck.id'
> > radius_xlat:  'SELECT
> >
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
> > ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> > usergroup.Username = 'tk' AND usergroup.GroupName =
radgroupreply.GroupName
> > ORDER BY radgroupreply.id'
> > sql_set_user:  escaped user --> 'DEFAULT'
> > radius_xlat:  'SELECT
> >
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
> > ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> > usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
> > radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> > radius_xlat:  'SELECT
> >
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
> > ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> > usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
> > radgroupreply.GroupName ORDER BY radgroupreply.id'
> > rlm_sql: Pairs do not match [DEFAULT]
> > rlm_sql: Released sql socket id: 4
> >   modcall[authorize]: module "sql" returns notfound
> > modcall: group authorize returns ok
> > auth: No Auth-Type configuration for the request, rejecting the user
> > auth: Failed to validate the user.
> >
> >
> >
> > Thank you again,
> > Kevork.
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
> ======================================================
>   Kostas Zorbadelos
>   Currently at: Otenet IT Department
>   mailto: [EMAIL PROTECTED]
>
>   Out there in the darkness, out there in the night
>   out there in the starlight, one soul burns brighter
>   than a thousand suns.
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to