To disable a group do this:

#select * from radgroupcheck;
+----+-----------+------------------+--------+----+
| id | GroupName | Attribute        | Value  | op |
+----+-----------+------------------+--------+----+
| 21 | reject    | Auth-Type        | Reject | := |

Then all users within the group "reject" will not be able to connect. You do 
not need an entry in radgroupreply for this group, but you can.. it doesn't 
matter.

At least this works for me.

You can change the GroupName from "reject" to whatever you want.. I just use 
this for simplicity's sake.

Nick


On Thursday 03 October 2002 10:36, William Ragsdale wrote:
> Greetings,
>   I have set up freeradius 0.7.1 using mySQL authentication.  Everything
> works, except that users who have a group aren't being rejected based on
> group.
>
>   I have a group called nonprof that is restricted to 8am to 5pm
> (Any0800-1700).  Those in the group that are allowed to login (using the
> authorize_check_query/authorize_reply_query) should then be checked against
> the Radius_Grp table to see if they are in a group and if so, the values
> from Radius_Grp_Reply should work, but they seem to be ignored.  I set up a
> disabled group, with Auth-Type := reject and it ignores that group when I
> try to get them to log in (ie it lets them in!).
>
>   Below are excerpts from my trace on the test server.  If you need more
> information, let me know, I will be happy to provide it.
>
>
>
> From trace:
>
>  sql: sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
>  sql: authorize_check_query = "SELECT RID, username, attribute, password,
> op FROM Radius LEFT JOIN Billing ON Radius.RID = Billing.BID LEFT JOIN
> Invoices_Include ON Radius.IID = Invoices_Include.ID LEFT JOIN Services ON
> Services.ID = Invoices_Include.service_ID LEFT JOIN Status on Status.ID =
> Invoices_Include.status_ID WHERE username = '%{SQL-User-Name}' AND
> Status.active = 1 AND Services.dialup= 1 ORDER BY RID" sql:
> authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
> Radius_Reply WHERE UserName = '%{SQL-User-Name}' ORDER BY id" sql:
> authorize_group_check_query = "SELECT
> Radius_Grp_Check.ID,Radius_Grp_Check.groupname,Radius_Grp_Check.attribute,R
>adius_Grp_Check.value,Radius_Grp_Check.op  FROM Radius_Grp_Check,Radius_Grp
> WHERE Radius_Grp.username = '%{SQL-User-Name}' AND Radius_Grp.groupname =
> Radius_Grp_Check.groupName ORDER BY Radius_Grp_Check.ID" sql:
> authorize_group_reply_query = "SELECT
> Radius_Grp_Reply.ID,Radius_Grp_Reply.groupname,Radius_Grp_Reply.attribute,R
>adius_Grp_Reply.value,Radius_Grp_Reply.op  FROM Radius_Grp_Reply,Radius_Grp
> WHERE Radius_Grp.username = '%{SQL-User-Name}' AND Radius_Grp.groupname =
> Radius_Grp_Reply.GroupName ORDER BY Radius_Grp_Reply.ID" sql:
> authenticate_query = "SELECT password,attribute FROM Radius LEFT JOIN
> Billing on Radius.RID = Billing.BID LEFT JOIN Status on Billing.status_ID =
> Status.ID LEFT JOIN Invoices_Include ON Radius.IID = Invoices_Include.ID
> LEFT JOIN Services ON Services.ID = Invoices_Include.service_ID WHERE
> (username = '%{User-Name}' AND Status.active = 1 AND Services.dialup = 1)
> AND ( attribute = 'User-Password' OR attribute = 'Password' OR attribute =
> 'Crypt-Password' ) ORDER BY attribute DESC"
>
> ...
>
> sql_set_user:  escaped user --> 'eaglevillage'
> radius_xlat:  'SELECT RID, username, attribute, password, op FROM Radius
> LEFT JOIN Billing ON Radius.RID = Billing.BID LEFT JOIN Invoices_Include ON
> Radius.IID = Invoices_Include.ID LEFT JOIN Services ON Services.ID =
> Invoices_Include.service_ID LEFT JOIN Status on Status.ID =
> Invoices_Include.status_ID WHERE username = 'eaglevillage' AND
> Status.active = 1 AND Services.dialup= 1 ORDER BY RID' rlm_sql: Reserving
> sql socket id: 4
> radius_xlat:  'SELECT
> Radius_Grp_Check.ID,Radius_Grp_Check.groupname,Radius_Grp_Check.attribute,R
>adius_Grp_Check.value,Radius_Grp_Check.op  FROM Radius_Grp_Check,Radius_Grp
> WHERE Radius_Grp.username = 'eaglevillage' AND Radius_Grp.groupname =
> Radius_Grp_Check.groupName ORDER BY Radius_Grp_Check.ID' radius_xlat: 
> 'SELECT id,UserName,Attribute,Value,op FROM Radius_Reply WHERE UserName =
> 'eaglevillage' ORDER BY id' radius_xlat:  'SELECT
> Radius_Grp_Reply.ID,Radius_Grp_Reply.groupname,Radius_Grp_Reply.attribute,R
>adius_Grp_Reply.value,Radius_Grp_Reply.op  FROM Radius_Grp_Reply,Radius_Grp
> WHERE Radius_Grp.username = 'eaglevillage' AND Radius_Grp.groupname =
> Radius_Grp_Reply.GroupName ORDER BY Radius_Grp_Reply.ID' radius_xlat: 
> 'SELECT password,attribute FROM Radius LEFT JOIN Billing on Radius.RID =
> Billing.BID LEFT JOIN Status on Billing.status_ID = Status.ID LEFT JOIN
> Invoices_Include ON Radius.IID = Invoices_Include.ID LEFT JOIN Services ON
> Services.ID = Invoices_Include.service_ID WHERE (username = 'eaglevillage'
> AND Status.active = 1 AND Services.dialup = 1) AND ( attribute =
> 'User-Password' OR attribute = 'Password' OR attribute = 'Crypt-Password' )
> ORDER BY attribute DESC' rlm_sql: Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok
> modcall: group authorize returns ok
> auth: type Local
> auth: user supplied User-Password matches local User-Password
> Login OK: [eaglevillage] (from client flyer port 0)

-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
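
Added example, not part of the messages above and not FreeRADIUS's own code: the group-disable row from the reply written out as SQL, plus an audit query listing every account that inherits the reject. The mapping table `usergroup` with columns `UserName`/`GroupName` and the account `exampleuser` are assumptions; use whichever table your authorize_group_check_query joins against.

```sql
-- Added example. 'usergroup' and 'exampleuser' are assumed/constructed names.

-- 1. Group check item that rejects every member of the group
--    (the radgroupcheck row shown in the reply above).
INSERT INTO radgroupcheck (GroupName, Attribute, Value, op)
VALUES ('reject', 'Auth-Type', 'Reject', ':=');

-- 2. Disable one account by placing it in that group.
INSERT INTO usergroup (UserName, GroupName)
VALUES ('exampleuser', 'reject');

-- 3. Audit: every account that currently inherits Auth-Type := Reject
--    through any group, whatever the group is called.
SELECT ug.UserName, gc.GroupName, gc.Attribute, gc.op, gc.Value
FROM usergroup AS ug
JOIN radgroupcheck AS gc ON gc.GroupName = ug.GroupName
WHERE gc.Attribute = 'Auth-Type'
  AND gc.Value = 'Reject'
ORDER BY ug.UserName;

-- 4. Re-enable the account by removing the membership, not the group row,
--    so other members of the group stay disabled.
DELETE FROM usergroup
WHERE UserName = 'exampleuser' AND GroupName = 'reject';
```

After step 2, a debug trace for that user should show the group check query returning the Auth-Type row; a "Login OK" line for a member of the group means the row is not being applied.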
