On Wednesday 18 December 2002 03:48 am, [EMAIL PROTECTED] wrote:
> i have already successfully installed mysql and radius and i've encoded a
> thousand of users in the database.
> but i have a problem on how can i add Auth-Type attribute and has a Reject
> value from this id=3014 - 4076,
>
> so all username belongs to that range will be rejected,

which radius are you using? your manual probably has instructions on
how to do this. the simplest thing, probably, would be to just delete
those IDs from the authentication databases. or change all the passwords
to something else. that way, no one will be able to authenticate using
those ids. e.g.,

    delete from user_auth where id>=3014 and id<=4076;

in cistron radius i can run an external program (using Exec-Program-Wait)
to which i can pass parameters (login, phone number dialed from, etc).
my external program actually does a lot of expensive database hits and it
works acceptably (single auth in one to two seconds, usually, of course
i can auth more than one login per two seconds since auths can be
parallel, i do OK at up to 5 simultaneous auths). for your case, it's a
simple range check on the id. you should be able to auth
much more quickly than my system does. in my case, the delay is
due to the database and networking overhead. so i can accept the
cost of starting the process since it's low compared to the rest of the
cost. for a simple range check, the cost of starting up processes
starts to become significant.

i've also modified the radius sources directly for some special things i
needed. if you want to avoid the cost of starting up the external program
every time, you could just modify the sources to add your checks. i
didn't need to do this since performance is acceptable as-is with
Exec-Program-Wait. but if you have more than, say, 5 authentication
requests per second and only one radius server, then you might want to
build your extensions right into the radius code.

all of that assumes you use something like cistron radius or freeradius.
if you're using a closed source radius server, well, you'll need to read
the manuals, i guess. or just delete those IDs from your database,
as mentioned above. or change their passwords to random values.

tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
Pobrecito mexico tan lejos de Dios y a la vez
tan cerca de los Estados Unidos
Gen. Porfirio Diaz
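
The simple range check described above for an Exec-Program-Wait hook, as an added example that is not part of the original post. It assumes the server passes the account's numeric id as the script's first argument and rejects the login on a non-zero exit status; the script name check_id_range.sh is hypothetical.

```shell
#!/bin/sh
# Added example: deny-list range check for an external auth hook.
# Assumptions (not from the original post): the RADIUS server passes the
# account's numeric id as the first argument, and treats a non-zero exit
# status from the hook as a reject.

REJECT_LOW=3014    # range taken from the question in the thread
REJECT_HIGH=4076

# id_allowed ID -> returns 0 (allow) or 1 (reject).
# Fails closed: anything that is not a plain decimal number is rejected,
# because the value originates from an untrusted authentication request.
id_allowed() {
    id=$1
    case $id in
        ''|*[!0-9]*) return 1 ;;   # empty, signs, spaces, shell metachars
    esac
    # Strip leading zeros so the length bound below applies to the value,
    # not to its padding ("03500" must still land in the rejected range).
    while [ "${id#0}" != "$id" ] && [ ${#id} -gt 1 ]; do
        id=${id#0}
    done
    # Bound the length: an oversized number makes the numeric test error
    # out, and an erroring test inside "if" would otherwise fall through
    # to "allow".
    [ ${#id} -le 9 ] || return 1
    if [ "$id" -ge "$REJECT_LOW" ] && [ "$id" -le "$REJECT_HIGH" ]; then
        return 1
    fi
    return 0
}

# When installed under the hypothetical name below, the exit status is
# the verdict handed back to the RADIUS server.
if [ "${0##*/}" = "check_id_range.sh" ]; then
    id_allowed "${1-}"
    exit $?
fi
```

Unlike deleting the rows, this leaves the accounts in the database, so lifting the block later only means changing the two range variables.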