Hi Rolando -

Sorry about that - I just cut and pasted your original text and I missed the
quotes - my apologies.

regards

Hugh

On Fri, 14 Jun 2002 07:53, Rolando Riley wrote:
> Looking good so far !!! . Just one observation though;
>
>         AuthSelect select "REJECT" from BLACKLIST \
>                 where USERNAME='%n'
>
> I had to remove the double quotes on "REJECT" to make it work like this:
>
>         AuthSelect select REJECT from BLACKLIST \
>                 where USERNAME='%n'
>
> What happened is that MySQL used "REJECT" as a constant and not as a field.
> Hence that query returned just REJECT and returning the error
> "Bad attribute=value pair"
>
> cheers,
>
> R. Riley
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of
> Hugh Irvine
> Sent: Wednesday, June 12, 2002 6:14 PM
> To: Rolando Riley; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Users Blacklists
>
> Hello Rolando -
>
> You are close, but not quite there.
>
> Here is what to do:
>
> # Check-Users file
> # Default ENTRY to check the BLACKLIST table
>
> DEFAULT Auth-Type = VE_blacklist
>
> DEFAULT Auth-Type = Accept
>
> Your BLACKLIST SQL table should contain this:
>
> USERNAME        REJECT
>
> someuser        Auth-Type = "Reject: This user is on the BLACKLIST"
>
> anotheruser     Auth-Type = "Reject: This user is on the BLACKLIST"
>
> Here is a snippet of my radius.cfg
>
> ----------------------
>
> <AuthBy SQL>
>         Identifier VE_blacklist
>         DBSource ......
>         DBUsername ......
>         DBAuth ......
>         AuthSelect select "REJECT" from BLACKLIST \
>                 where USERNAME='%n'
>         AuthColumnDef 0, GENERIC, check
>         AccountingTable
> </AuthBy>
>
> <AuthBy FILE>
>         Identifier CheckUSERS
>         Filename %D/Check-Users
> </AuthBy>
>
> <AuthBy LDAP2>
>         Identifier CheckLDAP
>         Host ......
>         AuthDN ......
>         AuthPassword ......
>         BaseDN ......
>         UsernameAttr uid
>         PasswordAttr userPassword
> </AuthBy>
>
> <Realm>
>         UsernameCharset a-zA-Z0-9\._@-
>         MaxSessions 1
>         RewriteUsername tr/A-Z/a-z/
>         AuthByPolicy ContinueWhileAccept
>         AuthBy CheckUSERS
>         AuthBy CheckLDAP
>         AcctLogFileName %L/detailu
> </Realm>
>
> Please let me know how you get on.
>
> regards
>
> Hugh
>
> On Thu, 13 Jun 2002 04:52, Rolando Riley wrote:
> > Hi Hugh:
> >
> > Well this time I want to configure a users blacklist and what I want to
> > do is simple:
> >
> > 1) Every time I have a request this list (BLACKLIST) will be checked. If
> >    the user is found the request is Rejected.
> >    NO further queries should be performed after the user is rejected.
> > 2) If the user isn't found then the authentication should be done
> >    against LDAP uid and userPassword attributes.
> >
> > I have searched the mailing lists and have found something very similar
> > that was done against "calling stations id". For some reason the user,
> > although it is being found on the BLACKLIST, radiator continue the
> > searching and auth process over LDAP. What could I have been doing
> > wrong?
> >
> > Here is the output of Check-Users file
> > ---------------------------------------------
> > # Default ENTRY to check the BLACKLIST table
> >
> > DEFAULT Auth-Type = VE_blacklist
> >
> > Here is a snippet of my radius.cfg
> >
> > ----------------------
> >
> > <AuthBy SQL>
> >         Identifier VE_blacklist
> >         DBSource ......
> >         DBUsername ......
> >         DBAuth ......
> >         AuthSelect select "REJECT" from BLACKLIST \
> >                 where USERNAME='%n'
> >         AccountingTable
> > </AuthBy>
> >
> > <AuthBy FILE>
> >         Identifier CheckUSERS
> >         Filename %D/Check-Users
> >         # NoDefaultIfFound
> >         AcceptIfMissing
> > </AuthBy>
> >
> > <AuthBy LDAP2>
> >         Identifier CheckLDAP
> >         Host ......
> >         AuthDN ......
> >         AuthPassword ......
> >         BaseDN ......
> >         UsernameAttr uid
> >         PasswordAttr userPassword
> > </AuthBy>
> >
> > <Realm>
> >         UsernameCharset a-zA-Z0-9\._@-
> >         MaxSessions 1
> >         RewriteUsername tr/A-Z/a-z/
> >         AuthByPolicy ContinueWhileAccept
> >         AuthBy CheckUSERS
> >         AuthBy CheckLDAP
> >         AcctLogFileName %L/detailu
> > </Realm>
> >
> > ------------------------------
> >
> > Here is a trace debug 4 of a test:
> >
> > ---------------------
> > Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='rriley'
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
> > Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='rriley'
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
> > Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='DEFAULT'
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> > Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
> > Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
> > Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
> > Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 32768 ....
> > Code:       Access-Accept
> > Identifier: 99
> > Authentic:  1234567890123456
> > Attributes:
> > -----------------
> >
> > cheers,
> >
> > -----------------------------------
> > Ing. Rolando Riley
> > Systems Manager
> > AYAYAI.COM S.A.
> > Tel: (507) 265-2424 ext. 408
> > -----------------------------------
> >
> > ______________________________________________
> > Ayayai.com Ultra, your prepaid Internet FREE OF ADVERTISING
> > http://www.ayayai.com/ultra
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
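
The quoting behaviour reported in this thread, as an added example that is not part of the original messages: in MySQL's default SQL mode a double-quoted token is a string literal, so the blacklist lookup returns the constant text instead of the stored check item. The column types and the sample row are assumptions constructed for illustration; the table and column names are the ones used in the thread.

```sql
-- Constructed sample table using the layout described in the thread
-- (column types are assumptions).
CREATE TABLE BLACKLIST (
    USERNAME VARCHAR(64)  NOT NULL PRIMARY KEY,
    REJECT   VARCHAR(255) NOT NULL
);

INSERT INTO BLACKLIST (USERNAME, REJECT) VALUES
    ('someuser', 'Auth-Type = "Reject: This user is on the BLACKLIST"');

-- Default sql_mode: "REJECT" is a string literal. Every matching row yields
-- the six-character text REJECT, which is not an attribute=value pair, so
-- the check item cannot be parsed ("Bad attribute=value pair" in the thread).
SELECT "REJECT" FROM BLACKLIST WHERE USERNAME = 'someuser';

-- Unquoted or backtick-quoted: REJECT is a column reference and the stored
-- Auth-Type check item is returned.
SELECT REJECT   FROM BLACKLIST WHERE USERNAME = 'someuser';
SELECT `REJECT` FROM BLACKLIST WHERE USERNAME = 'someuser';

-- With ANSI_QUOTES enabled, double quotes delimit identifiers instead, so
-- the same double-quoted query now reads the column. String values must then
-- be written with single quotes, as they are here.
SET SESSION sql_mode = 'ANSI_QUOTES';
SELECT "REJECT" FROM BLACKLIST WHERE USERNAME = 'someuser';
```

Running the intended AuthSelect by hand against a known blacklisted user and confirming that it returns the check item, not the literal column name, catches this before the blacklist silently stops rejecting anyone.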