Hello Rolando -
You should do something like this:

# define AuthBy clauses

<AuthBy SQL>
    Identifier DoSQLAccounting
    DBSource ......
    DBUsername ......
    DBAuth ......
    AuthSelect
    AccountingTable ACCOUNTING
    AcctColumnDef .....
    ......
</AuthBy>

<AuthBy SQL>
    Identifier VE_blacklist
    DBSource ......
    DBUsername ......
    DBAuth ......
    AuthSelect select "REJECT" from BLACKLIST \
        where USERNAME='%n'
    AuthColumnDef 0, GENERIC, check
    AccountingTable
</AuthBy>

<AuthBy FILE>
    Identifier CheckUSERS
    Filename %D/Check-Users
</AuthBy>

<AuthBy LDAP2>
    Identifier CheckLDAP
    Host ......
    AuthDN ......
    AuthPassword ......
    BaseDN ......
    UsernameAttr uid
    PasswordAttr userPassword
</AuthBy>

<AuthBy GROUP>
    Identifier DoAuthentication
    AuthByPolicy ContinueWhileAccept
    AuthBy CheckUSERS
    AuthBy CheckLDAP
</AuthBy>

# define Realms

<Realm>
    UsernameCharset a-zA-Z0-9\._@-
    MaxSessions 1
    RewriteUsername tr/A-Z/a-z/
    AuthByPolicy ContinueAlways
    AuthBy DoSQLAccounting
    AuthBy DoAuthentication
    AcctLogFileName %L/detailu
</Realm>

regards

Hugh

On Saturday, September 28, 2002, at 07:45 AM, Rolando Riley wrote:

> Hi Hugh:
>
> Some time ago I posted this email but I am getting tired of processing
> big flat logs for reports. What should I have to add to my cfg to have the
> ACCOUNTING going to the ACCOUNTING table and hence use radcgi and radwho for
> reports?
>
> regards,
>
> Rolando
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Hugh Irvine
> Sent: Wednesday, June 12, 2002 6:14 PM
> To: Rolando Riley; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Users Blacklists
>
>
> Hello Rolando -
>
> You are close, but not quite there.
>
> Here is what to do:
>
> # Check-Users file
> # Default ENTRY to check the BLACKLIST table
>
> DEFAULT Auth-Type = VE_blacklist
>
> DEFAULT Auth-Type = Accept
>
>
> Your BLACKLIST SQL table should contain this:
>
> USERNAME       REJECT
>
> someuser       Auth-Type = "Reject: This user is on the BLACKLIST"
>
> anotheruser    Auth-Type = "Reject: This user is on the BLACKLIST"
>
>
> Here is a snippet of my radius.cfg
>
> ----------------------
>
> <AuthBy SQL>
>     Identifier VE_blacklist
>     DBSource ......
>     DBUsername ......
>     DBAuth ......
>     AuthSelect select "REJECT" from BLACKLIST \
>         where USERNAME='%n'
>     AuthColumnDef 0, GENERIC, check
>     AccountingTable
> </AuthBy>
>
> <AuthBy FILE>
>     Identifier CheckUSERS
>     Filename %D/Check-Users
> </AuthBy>
>
> <AuthBy LDAP2>
>     Identifier CheckLDAP
>     Host ......
>     AuthDN ......
>     AuthPassword ......
>     BaseDN ......
>     UsernameAttr uid
>     PasswordAttr userPassword
> </AuthBy>
>
>
> <Realm>
>     UsernameCharset a-zA-Z0-9\._@-
>     MaxSessions 1
>     RewriteUsername tr/A-Z/a-z/
>     AuthByPolicy ContinueWhileAccept
>     AuthBy CheckUSERS
>     AuthBy CheckLDAP
>     AcctLogFileName %L/detailu
> </Realm>
>
>
> Please let me know how you get on.
>
> regards
>
> Hugh
>
>
> On Thu, 13 Jun 2002 04:52, Rolando Riley wrote:
>> Hi Hugh:
>>
>> Well this time I want to configure a users blacklist and what I want to do
>> is simple:
>> 1) Every time I have a request this list (BLACKLIST) will be checked. If
>>    the user is found the request is Rejected.
>>    NO further queries should be performed after the user is rejected.
>> 2) If the user isn't found then the authentication should be done against
>>    LDAP uid and userPassword attributes.
>>
>> I have searched the mailing lists and have found something very similar
>> that was done against "calling stations id". For some reason the user,
>> although it is being found on the BLACKLIST, radiator continues the
>> searching and auth process over LDAP. What could I have been doing wrong?
>>
>>
>> Here is the output of Check-Users file
>> ---------------------------------------------
>> # Default ENTRY to check the BLACKLIST table
>>
>> DEFAULT Auth-Type = VE_blacklist
>>
>>
>>
>> Here is a snippet of my radius.cfg
>>
>> ----------------------
>>
>> <AuthBy SQL>
>>     Identifier VE_blacklist
>>     DBSource ......
>>     DBUsername ......
>>     DBAuth ......
>>     AuthSelect select "REJECT" from BLACKLIST \
>>         where USERNAME='%n'
>>     AccountingTable
>> </AuthBy>
>>
>> <AuthBy FILE>
>>     Identifier CheckUSERS
>>     Filename %D/Check-Users
>>     # NoDefaultIfFound
>>     AcceptIfMissing
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>     Identifier CheckLDAP
>>     Host ......
>>     AuthDN ......
>>     AuthPassword ......
>>     BaseDN ......
>>     UsernameAttr uid
>>     PasswordAttr userPassword
>> </AuthBy>
>>
>>
>> <Realm>
>>     UsernameCharset a-zA-Z0-9\._@-
>>     MaxSessions 1
>>     RewriteUsername tr/A-Z/a-z/
>>     AuthByPolicy ContinueWhileAccept
>>     AuthBy CheckUSERS
>>     AuthBy CheckLDAP
>>     AcctLogFileName %L/detailu
>> </Realm>
>>
>> ------------------------------
>>
>>
>> Here is a trace debug 4 of a test:
>>
>>
>> ---------------------
>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='rriley'
>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with rriley
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='rriley'
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with rriley
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='DEFAULT'
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
>> Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
>> Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
>> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
>> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with rriley
>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
>> Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
>> Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
>> *** Sending to 127.0.0.1 port 32768 ....
>> Code:       Access-Accept
>> Identifier: 99
>> Authentic:  1234567890123456
>> Attributes:
>> -----------------
>>
>>
>> cheers,
>>
>> -----------------------------------
>> Ing. Rolando Riley
>> Systems Manager
>> AYAYAI.COM S.A.
>> Tel: (507) 265-2424 ext. 408
>> -----------------------------------
>>
>>
>> ______________________________________________
>> Ayayai.com Ultra, your AD-FREE prepaid Internet
>> http://www.ayayai.com/ultra
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on [EMAIL PROTECTED]
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
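
A simplified model of how the AuthByPolicy settings in the configuration at the top of this thread chain the clauses for an Access-Request. It is an added illustration, not Radiator code and not from either poster. The handler functions, the sample users and the IGNORE result for DoSQLAccounting are assumptions; the clause names, policies, UsernameCharset and RewriteUsername come from the thread.

```python
import re

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Constructed sample data standing in for the BLACKLIST table and the LDAP directory.
BLACKLIST = {"someuser"}
LDAP_PASSWORDS = {"someuser": "s3cret", "rriley": "hunter2"}

def do_sql_accounting(user, password, trace):
    # AuthBy SQL with an empty AuthSelect: assumed here to contribute nothing
    # to authentication; ContinueAlways makes its result irrelevant.
    trace.append("DoSQLAccounting")
    return IGNORE

def check_users(user, password, trace):
    # Check-Users: the first DEFAULT consults VE_blacklist, the second accepts.
    trace.append("CheckUSERS")
    return REJECT if user in BLACKLIST else ACCEPT

def check_ldap(user, password, trace):
    trace.append("CheckLDAP")
    return ACCEPT if LDAP_PASSWORDS.get(user) == password else REJECT

def run_chain(policy, handlers, user, password, trace):
    result = IGNORE
    for handler in handlers:
        result = handler(user, password, trace)
        if policy == "ContinueWhileAccept" and result != ACCEPT:
            break  # first non-ACCEPT ends the chain
    return result  # ContinueAlways runs every handler; the last result stands

def do_authentication(user, password, trace):
    # <AuthBy GROUP> DoAuthentication
    return run_chain("ContinueWhileAccept", [check_users, check_ldap],
                     user, password, trace)

def realm(user, password):
    trace = []
    if not re.fullmatch(r"[a-zA-Z0-9._@-]+", user):  # UsernameCharset
        return REJECT, trace
    user = user.lower()  # RewriteUsername tr/A-Z/a-z/
    result = run_chain("ContinueAlways", [do_sql_accounting, do_authentication],
                       user, password, trace)
    return result, trace

if __name__ == "__main__":
    for name, pw in [("rriley", "hunter2"), ("SomeUser", "s3cret"), ("o'brien", "x")]:
        print(name, *realm(name, pw))
```

In the model a blacklisted user is rejected by CheckUSERS and CheckLDAP never appears in the trace, even when the name is sent in mixed case, and a name containing a quote is rejected before any lookup uses it.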