Hi Hugh:

Some time ago I posted this email, but I am getting tired of processing big flat logs for reports. What do I have to add to my cfg to have the ACCOUNTING going to the ACCOUNTING table and hence use radcgi and radwho for reports?

regards,
Rolando

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine
Sent: Wednesday, June 12, 2002 6:14 PM
To: Rolando Riley; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Users Blacklists

Hello Rolando -

You are close, but not quite there. Here is what to do:

# Check-Users file
# Default entry to check the BLACKLIST table

DEFAULT Auth-Type = VE_blacklist

DEFAULT Auth-Type = Accept

Your BLACKLIST SQL table should contain this:

USERNAME      REJECT
someuser      Auth-Type = "Reject: This user is on the BLACKLIST"
anotheruser   Auth-Type = "Reject: This user is on the BLACKLIST"

Here is a snippet of my radius.cfg
----------------------

<AuthBy SQL>
    Identifier VE_blacklist
    DBSource ......
    DBUsername ......
    DBAuth ......
    AuthSelect select "REJECT" from BLACKLIST \
        where USERNAME='%n'
    AuthColumnDef 0, GENERIC, check
    AccountingTable
</AuthBy>

<AuthBy FILE>
    Identifier CheckUSERS
    Filename %D/Check-Users
</AuthBy>

<AuthBy LDAP2>
    Identifier CheckLDAP
    Host ......
    AuthDN ......
    AuthPassword ......
    BaseDN ......
    UsernameAttr uid
    PasswordAttr userPassword
</AuthBy>

<Realm>
    UsernameCharset a-zA-Z0-9\._@-
    MaxSessions 1
    RewriteUsername tr/A-Z/a-z/
    AuthByPolicy ContinueWhileAccept
    AuthBy CheckUSERS
    AuthBy CheckLDAP
    AcctLogFileName %L/detailu
</Realm>

Please let me know how you get on.

regards

Hugh

On Thu, 13 Jun 2002 04:52, Rolando Riley wrote:
> Hi Hugh:
>
> Well, this time I want to configure a users blacklist and what I want to do
> is simple:
> 1) Every time I have a request this list (BLACKLIST) will be checked. If
>    the user is found the request is Rejected.
>    NO further queries should be performed after the user is rejected.
> 2) If the user isn't found then the authentication should be done against
>    LDAP uid and userPassword attributes.
>
> I have searched the mailing lists and have found something very similar
> that was done against "calling stations id". For some reason, although the
> user is being found on the BLACKLIST, Radiator continues the searching and
> auth process over LDAP. What could I have been doing wrong?
>
> Here is the output of Check-Users file
> ---------------------------------------------
> # Default entry to check the BLACKLIST table
>
> DEFAULT Auth-Type = VE_blacklist
>
> Here is a snippet of my radius.cfg
> ----------------------
>
> <AuthBy SQL>
>     Identifier VE_blacklist
>     DBSource ......
>     DBUsername ......
>     DBAuth ......
>     AuthSelect select "REJECT" from BLACKLIST \
>         where USERNAME='%n'
>     AccountingTable
> </AuthBy>
>
> <AuthBy FILE>
>     Identifier CheckUSERS
>     Filename %D/Check-Users
>     # NoDefaultIfFound
>     AcceptIfMissing
> </AuthBy>
>
> <AuthBy LDAP2>
>     Identifier CheckLDAP
>     Host ......
>     AuthDN ......
>     AuthPassword ......
>     BaseDN ......
>     UsernameAttr uid
>     PasswordAttr userPassword
> </AuthBy>
>
> <Realm>
>     UsernameCharset a-zA-Z0-9\._@-
>     MaxSessions 1
>     RewriteUsername tr/A-Z/a-z/
>     AuthByPolicy ContinueWhileAccept
>     AuthBy CheckUSERS
>     AuthBy CheckLDAP
>     AcctLogFileName %L/detailu
> </Realm>
>
> ------------------------------
>
> Here is a trace debug 4 of a test:
>
> ---------------------
> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='rriley'
> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with rriley
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='rriley'
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with rriley
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='DEFAULT'
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
> Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
> Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with rriley
> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
> Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32768 ....
> Code: Access-Accept
> Identifier: 99
> Authentic: 1234567890123456
> Attributes:
> -----------------
>
> cheers,
>
> -----------------------------------
> Ing. Rolando Riley
> Systems Manager
> AYAYAI.COM S.A.
> Tel: (507) 265-2424 ext. 408
> -----------------------------------
>
> ______________________________________________
> Ayayai.com Ultra, your prepaid Internet, FREE OF ADVERTISING
> http://www.ayayai.com/ultra
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
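
Added example (not part of the original thread, and not Radiator's own code): a Python check that reads a debug trace in the format quoted above and reports any request where the blacklist clause logged a REJECT but the request still ended in "Access accepted", the symptom described in the original post. The function name, the sample lines (the thread's trace with the mail wrapping undone) and the "Access rejected for" line shape are assumptions.

```python
import re

# Line shapes as they appear in the trace quoted in this thread.
HANDLING = re.compile(r"Handling with (Radius::\w+): (\S+)")
REJECT = re.compile(r"(Radius::\w+) REJECT:")
ACCEPTED = re.compile(r"Access accepted for (\S+)")
# Assumption: a request that is finally rejected logs a line of this shape.
REJECTED = re.compile(r"Access rejected for (\S+)")

# Constructed sample: the thread's trace with the mail line-wrapping undone.
SAMPLE_TRACE = """\
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
""".splitlines()


def blacklist_bypasses(trace_lines, blacklist_ids=("VE_blacklist",)):
    """Return (user, identifier) pairs where a blacklist AuthBy clause
    rejected a request that the trace nevertheless shows as accepted."""
    current = {}      # module class -> Identifier of the clause last entered
    rejected_by = []  # blacklist Identifiers that rejected the open request
    findings = []
    for line in trace_lines:
        m = HANDLING.search(line)
        if m:
            current[m.group(1)] = m.group(2)
            continue
        m = REJECT.search(line)
        if m:
            # REJECT lines name only the module class, so map it back to
            # the Identifier from the most recent "Handling with" line.
            ident = current.get(m.group(1))
            if ident in blacklist_ids and ident not in rejected_by:
                rejected_by.append(ident)
            continue
        m = ACCEPTED.search(line)
        if m:
            findings.extend((m.group(1), ident) for ident in rejected_by)
        if m or REJECTED.search(line):
            # Final verdict logged: the next lines belong to a new request.
            current.clear()
            rejected_by.clear()
    return findings
```

Run over the sample, it returns [("rriley", "VE_blacklist")]; rerunning it on a trace captured after a configuration change is a quick way to confirm that a blacklist reject now ends the request.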