Re: Rejecting CallingStationId
[EMAIL PROTECTED] escreveu:
I could ban or reject a specific CallingStationID? , the only examples I seen is on a
specific user or group of users, on file /etc/users
...
and I think it worked just fine, the question now is, I could have this Called, and
Calling stations id in a sql table, so my script for blocking/baning Called or Calling
would be in a sql table and not restart radius each time I add a new rule on users file
I changed the default SQL queries to do this. I'll try to explain how
(using MySQL).
First I created a table to store the bad CallingStationIDs.
CREATE TABLE `bad_callingstationids` (
`CALLINGSTATIONID` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`CALLINGSTATIONID`)
)
Then I changed the authorize_check_query in the sql.conf file to this:
SELECT id,UserName,Attribute,Value,op
FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
'%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
WHERE Username = '%{SQL-User-Name}' AND
bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
Hope that's understandable,
Keith Yoder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
On 1 Sep 2004 at 8:34, Keith Yoder wrote:
I changed the default SQL queries to do this. I'll try to explain how
(using MySQL).
First I created a table to store the bad CallingStationIDs.
CREATE TABLE `bad_callingstationids` (
`CALLINGSTATIONID` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`CALLINGSTATIONID`)
)
ok create the table.. here I will add something like:
CREATE TABLE `bad_callingstationids` (
`callingstationid` varchar(18) NOT NULL default '',
`id_calledstationid` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`callingstationid`)
)
CREATE TABLE `calledstationids` (
`calledstationid` varchar(18) NOT NULL default '',
`900number` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`calledstationid`)
)
so I could separate the also that number from the line is coming.
Then I changed the authorize_check_query in the sql.conf file to this:
SELECT id,UserName,Attribute,Value,op
FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
'%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
WHERE Username = '%{SQL-User-Name}' AND
bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
Understood, but I have a problem maybe you know a way, I should allow any
username or password to log, but I need to block some callingstationids if they due
their time, and I am thinking a way to structure the authorize_check_query and the
reply to let any login or pass, I just need login with a sufix. like
:DEFAULTSuffix == mx, Auth-Type := Accept
Service-Type = Framed-User,
Framed-Protocol = PPP,
Session-Timeout=900,
Idle-Timeout = 900
and then do a selection of bad_callingstationids (callingstationid AND
calledstationid)
Hope that's understandable,
Keith Yoder
Tnx for your help Keith, intersting aprouch, that made me make some tests! )
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users Some nice friends on the list told me to try: DEFAULTCalling-Station-Id =~8183635958, Auth-Type :=Reject I tried it and it works, I tried also some things like DEFAULT Called-Station-Id ==4700,Auth-Type :=Reject DEFAULT Calling-Station-Id ==8183635958, Called-Station-Id ==4700,Auth- Type :=Reject and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users There is another option am trying doing a snmp command via the nas and drop each time it connects, but I think is not the best option. Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
