To diable a group do this: #select * from radgroupcheck; +----+-----------+------------------+--------+----+ | id | GroupName | Attribute | Value | op | +----+-----------+------------------+--------+----+ | 21 | reject | Auth-Type | Reject | := |
the all users with in the group "reject" will not be able to connect. You do not need an entry in radgroupreply for this group, but you can.. it doesn't matter. Atleast this works for me. You can change the GroupName from "reject" to whatever you want.. I just use this for simplicity sake. Nick On Monday 12 August 2002 14:52, Ruslan Balkin wrote: > I have installed FreeRadius 0.6 and then FreeRadius 0.7 on our server. > But, we now have a trouble - I need to disable one account. > We use PostgreSQL for managing our users database. > > We made user-group "frozen" with Auth-Type:=Reject : > radius=# SELECT * FROM radgroupreply WHERE groupname='frozen'; > id | groupname | attribute | value | op > ----+-----------+-----------+--------+---- > 13 | frozen | Auth-Type | Reject | := > (1 row) > > And also I inserted similar reply but for username 'baron': > radius=# SELECT * FROM radreply WHERE username='baron'; > id | username | attribute | value | op > ----+----------+-----------+--------+---- > 18 | baron | Auth-Type | Reject | := > (1 row) > > But it seems to me, it doesn't work: > > [baron@aqua baron]$ radtest baron xxxxxx localhost 0 testing123 > Sending Access-Request of id 252 to 127.0.0.1:1812 > User-Name = "baron" > User-Password = "\202G\341\304\022: \223\334\253\037(1q\031$" > NAS-IP-Address = aqua > NAS-Port-Id = "0" > rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=252, > length=20 > > (Result = Access-Accept). > > Then I took output of radiusd -X: > > [baron@aqua baron]$ cat query.sql > SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = > 'baron' ORDER BY id; > SELECT > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgro > upreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = > 'baron' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY > radgroupreply.id; > SELECT Value,Attribute FROM radcheck WHERE UserName = 'baron' AND ( > Attribute = 'User-Password' OR Attribute = 'Crypt-Password' ) ORDER BY > Attribute DESC; > > And here are results: > > [baron@aqua baron]$ psql radius postgres <query.sql > id | username | attribute | value > ----+----------+-----------+-------- > 18 | baron | Auth-Type | Reject > (1 row) > > id | groupname | attribute | value > ----+-----------+-----------+-------- > 13 | frozen | Auth-Type | Reject > (1 row) > > value | attribute > --------+--------------- > xxxxxx | User-Password > (1 row) > > Please tell me, how to disable one username or groupname? What am I > doing wrong? If not, how to fix problem? > Thanks for advice. -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
