Re: (RADIATOR) Users Blacklists

Thu, 13 Jun 2002 16:43:14 -0700 


Hi Rolando -

Sorry about that - I just cut and pasted your original text and I missed the 
quotes - my apologies.

regards

Hugh


On Fri, 14 Jun 2002 07:53, Rolando Riley wrote:
> Looking good so far !!! .  Just one observation though;
>
> AuthSelect select "REJECT" from BLACKLIST \
>                    where USERNAME='%n'
>
> I had to remove the double quotes on "REJECT"  to make it work like this:
>
> AuthSelect select REJECT from BLACKLIST \
>                    where USERNAME='%n'
>
> What happened is that Mysql used "REJECT" as a constant and not as a field.
> Hence that query returned
> just  REJECT  and returning the error "Bad attribute=value pair"
>
>
>
> cheers,
>
> R. Riley
>
>
>
>
> -----Mensaje original-----
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]En
> nombre de Hugh Irvine
> Enviado el: Wednesday, June 12, 2002 6:14 PM
> Para: Rolando Riley; [EMAIL PROTECTED]
> Asunto: Re: (RADIATOR) Users Blacklists
>
>
>
> Hello Rolando -
>
> You are close, but not quite there.
>
> Here is what to do:
>
> # Check-Users file
> # ENTRADA default para chequear la tabla BLACKLIST
>
> DEFAULT         Auth-Type = VE_blacklist
>
> DEFAULT       Auth-Type = Accept
>
>
> Your BLACKLIST SQL table should contain this:
>
> USERNAME      REJECT
>
> someuser      Auth-Type = "Reject: This user is on the BLACKLIST"
>
> anotheruser   Auth-Type = "Reject: This user is on the BLACKLIST"
>
>
> Here is a snippet of my radius.cfg
>
> ----------------------
>
> <AuthBy SQL>
>         Identifier VE_blacklist
>         DBSource        ......
>         DBUsername    ......
>         DBAuth          ......
>         AuthSelect select "REJECT" from BLACKLIST \
>                    where USERNAME='%n'
>         AuthColumnDef 0, GENERIC, check
>         AccountingTable
> </AuthBy>
>
> <AuthBy FILE>
>    Identifier CheckUSERS
>    Filename     %D/Check-Users
> </AuthBy>
>
> <AuthBy LDAP2>
>                 Identifier      CheckLDAP
>                 Host            ......
>                 AuthDN          ......
>                 AuthPassword   ......
>                 BaseDN          ......
>                 UsernameAttr    uid
>                 PasswordAttr    userPassword
> </AuthBy>
>
>
> <Realm>
>         UsernameCharset a-zA-Z0-9\._@-
>         MaxSessions 1
>         RewriteUsername tr/A-Z/a-z/
>         AuthByPolicy    ContinueWhileAccept
>         AuthBy CheckUSERS
>         AuthBy CheckLDAP
>         AcctLogFileName %L/detailu
> </Realm>
>
>
> Please let me know how you get on.
>
> regards
>
> Hugh
>
> On Thu, 13 Jun 2002 04:52, Rolando Riley wrote:
> > Hi Hugh:
> >
> >     Well this time I want to configure a users blacklist and what I want to
>
> do
>
> > is simple:
> >     1) Everytime I have a request this list (BLACKLIST) will be checked. If
> > the user is found the request is Rejected.
> >             NO further queries should be performed after the user is
> > rejected.
> >     2) If the  user isn't found then the authentication should be done
>
> against
>
> > LDAP uid and userPassword attributes.
> >
> >     I have searched the mailing lists and have found something very similar
> > that was done against "calling stations id".  For some reason the user,
> > although it is being found on the BLACKLIST, radiator continue the
> > searching and auth process over LDAP.  What could I have been doing
> > wrong?
> >
> >
> >
> >
> >
> > Here is the output of Check-Users file
> > ---------------------------------------------
> > # ENTRADA default para chequear la tabla BLACKLIST
> >
> > DEFAULT             Auth-Type = VE_blacklist
> >
> >
> >
> > Here is a snippet of my radius.cfg
> >
> > ----------------------
> >
> > <AuthBy SQL>
> >     Identifier VE_blacklist
> >         DBSource        ......
> >         DBUsername    ......
> >         DBAuth          ......
> >     AuthSelect select "REJECT" from BLACKLIST \
> >                where USERNAME='%n'
> >     AccountingTable
> > </AuthBy>
> >
> > <AuthBy FILE>
> >    Identifier CheckUSERS
> >    Filename         %D/Check-Users
> > #   NoDefaultIfFound
> >    AcceptIfMissing
> > </AuthBy>
> >
> > <AuthBy LDAP2>
> >             Identifier      CheckLDAP
> >                 Host            ......
> >                 AuthDN          ......
> >                 AuthPassword   ......
> >                 BaseDN          ......
> >                 UsernameAttr    uid
> >                 PasswordAttr    userPassword
> > </AuthBy>
> >
> >
> > <Realm>
> >     UsernameCharset a-zA-Z0-9\._@-
> >     MaxSessions 1
> >     RewriteUsername tr/A-Z/a-z/
> >     AuthByPolicy    ContinueWhileAccept
> >     AuthBy CheckUSERS
> >     AuthBy CheckLDAP
> >     AcctLogFileName %L/detailu
> > </Realm>
> >
> > ------------------------------
> >
> >
> > Here is a trace debug 4 of a test:
> >
> >
> > ---------------------
> > Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> > ACCTSE         SSIONID, FRAMEDIPADDRESS from RADONLINE where
> > USERNAME='rriley'
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE:
>
> CheckUSERS
>
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with
> > rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL:
> > VE_blacklist Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT"
> > from BLACKLIST where USERNAME='rriley'
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with
> > rriley Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad
> > Password Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from
> > BLACKLIST where USERNAME='DEFAULT'
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> > Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2:
>
> CheckLDAP
>
> > Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
> > Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
> > Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
> > Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with
> > rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
> > Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 32768 ....
> > Code:       Access-Accept
> > Identifier: 99
> > Authentic:  1234567890123456
> > Attributes:
> > -----------------
> >
> >
> > cheers,
> >
> > -----------------------------------
> > Ing. Rolando Riley
> > Gerente de Sistemas
> > AYAYAI.COM S.A.
> > Tel: (507) 265-2424 ext. 408
> > -----------------------------------
> >
> >
> > ______________________________________________
> > Ayayai.com Ultra, tu Internet prepago LIBRE DE PUBLICIDAD
> > http://www.ayayai.com/ultra
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to