Re: Rejecting CallingStationId
[EMAIL PROTECTED] escreveu: I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users ... and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file I changed the default SQL queries to do this. I'll try to explain how (using MySQL). First I created a table to store the bad CallingStationIDs. CREATE TABLE `bad_callingstationids` ( `CALLINGSTATIONID` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`CALLINGSTATIONID`) ) Then I changed the authorize_check_query in the sql.conf file to this: SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID WHERE Username = '%{SQL-User-Name}' AND bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id Hope that's understandable, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
On 1 Sep 2004 at 8:34, Keith Yoder wrote: I changed the default SQL queries to do this. I'll try to explain how (using MySQL). First I created a table to store the bad CallingStationIDs. CREATE TABLE `bad_callingstationids` ( `CALLINGSTATIONID` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`CALLINGSTATIONID`) ) ok create the table.. here I will add something like: CREATE TABLE `bad_callingstationids` ( `callingstationid` varchar(18) NOT NULL default '', `id_calledstationid` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`callingstationid`) ) CREATE TABLE `calledstationids` ( `calledstationid` varchar(18) NOT NULL default '', `900number` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`calledstationid`) ) so I could separate the also that number from the line is coming. Then I changed the authorize_check_query in the sql.conf file to this: SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID WHERE Username = '%{SQL-User-Name}' AND bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id Understood, but I have a problem maybe you know a way, I should allow any username or password to log, but I need to block some callingstationids if they due their time, and I am thinking a way to structure the authorize_check_query and the reply to let any login or pass, I just need login with a sufix. like :DEFAULTSuffix == mx, Auth-Type := Accept Service-Type = Framed-User, Framed-Protocol = PPP, Session-Timeout=900, Idle-Timeout = 900 and then do a selection of bad_callingstationids (callingstationid AND calledstationid) Hope that's understandable, Keith Yoder Tnx for your help Keith, intersting aprouch, that made me make some tests! ) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users Some nice friends on the list told me to try: DEFAULTCalling-Station-Id =~8183635958, Auth-Type :=Reject I tried it and it works, I tried also some things like DEFAULT Called-Station-Id ==4700,Auth-Type :=Reject DEFAULT Calling-Station-Id ==8183635958, Called-Station-Id ==4700,Auth- Type :=Reject and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users There is another option am trying doing a snmp command via the nas and drop each time it connects, but I think is not the best option. Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html