sir, it really help me a lot thanks > On Wednesday 18 December 2002 03:48 am, [EMAIL PROTECTED] wrote: >> i have already sucessfully installed mysql and radius and ive encoded >> a thousand of users in the database. >> but i have a problem on how can i add Auth-Type attribute and has a >> Reject value from this id=3014 - 4076, >> >> so all username belongs to that range will be rejected, > > which radius are you using? your manual probably has instructions on > how to do this. the simplest thing, probably, would be to just delete > those IDs from the authentication databases. or change all the > passwords to something else. that way, no one will be able to > authenticate using those ids. e.g., > > delete from user_auth where id>=3014 and id<=4076. > > in cistron radius i can run an external program (using > Exec-Program-Wait) to which i can pass parameters (login, phone number > dialed from, etc). my external program actually does a lot of > expensive database hits and it works acceptably (single auth in one to > two seconds, usually, of course i can auth more than one login per two > seconds since auths can be > parallel, i do OK at up to 5 simultaneous auths). for your case, it's a > simple range check on the id. you should be able to auth > much more quickly than my system does. in my case, the delay is > due to the database and networking overhead. so i can accept the > cost of starting the process since it's low compared to the rest of the > cost. for a simple range check, the cost of starting up processes > starts to become significant. > > i've also modified the radius sources directly for some special things i > needed. if you want to avoid the cost of starting up the external > program every time, you could just modify the sources to add your > checks. i didn't need to do this since performance is acceptable as-is > with > Exec-Program-Wait. but if you have more than, say, 5 authentication > requests per second and only one radius server, then you might want to > build your extensions right into the radius code. > > all of that assumes you use something like cistron radius or freeradius. > if you're using a closed source radius server, well, you'll need to read > the manuals, i guess. or just delete those IDs from your database, as > mentioned above. or change their passwords to random values. > > tiger > > -- > Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph > Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78" > Pobrecito mexico tan lejos de Dios y a la vez > tan cerca de los Estados Unidos > Gen. Porfirio Diaz > _ > Philippine Linux Users Group. Web site and archives at > http://plug.linux.org.ph To leave: send "unsubscribe" in the body to > [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at > http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to > [EMAIL PROTECTED]
_ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
