> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091124/095ab34c/attachment.html>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 24 Nov 2009 19:35:17 -0000 (UTC)
> From: t...@kalik.net
> Subject: Re: The MySQL databases for Freeradius
> To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Message-ID: <64909.87.194.16.13.1259091317.squir...@www.kalik.net>
> Content-Type: text/plain;charset=iso-8859-1
>
> > I am sitting here trying to figure out how FreeRadius works towards MySQL.
> >
> > The database "radcheck" is for a singeluser if I have understood it
> > correctly.
> >
> > What I want to do is that through MS Access make a form where I can add
> > several attributes to the same row in the table.
> >
> > But since radcheck only seem to work with one attribute per row for one
> > user I dont really know how to do.
>
> You *can* have multiple entries (rows) for each user. You don't have to
> cram everything into a single row.
Okay, but I don´t think it makes any sense that you have multiple inputs of the
same user in a table?
Say for example that you have like 200 different users and every user have to
have like 3 different attributes. The table would get extremly large.
What I want to do is to through MySQL link a user to a specific group and in
that way start up the segmentation. So depending on what group you are a member
in you get into different VLANs etc. That´s why I hoped that I could use
"radusergroup" to link a user to a group and then in "radgroupcheck" add group
specific attributes like NAS-Port-Id´s or Called-Station-Id´s and in that way
being able to do a segmentation on SSID or WLAN.
>
> > What I mean is that if I have a user called "test-user" and want to have
> > two attributes for that user, in this case "Cleartext-Password" &
> > "NAS-Port-Id" I need to have two rows for that user.
>
> Tes, you do.
>
> > radcheck:
> >
> > ------------------------------------------------------
> >
> > |id|username |attribute |op |value |
> >
> > |1 |user-test |Cleartext-Password|== |test-pass |
>
> That should be :=.
>
> > |2 |user-test |NAS-Port-Id |== |raket |
> >
> > -------------------------------------------------------
> >
> > The reason I want to make a form is because I want others than me being
> > able to add new users and have them connected to the correct group which
> > then will have a separate VLAN and SSID.
>
> The form you generate with MS Access will put data into - MS Access
> backend. You can't connect that form to MySQL. If you are a fan of Windows
> use Windows (ASP.NET) forms or webforms which can place data into MySQL.
I have actually being able to do changes to the MySQL table by using MS Access
and ODBC.
But I have had some problems making a form that works towards radcheck though.
I´m not really a windows fan, but I need a Backend that restricts the admins
for messing up the Freeradius server.
What I need is a GUI where you can search for a specific group and add a new
user or edit a user in that group.
I really dont want to see a list of all the users there is and then have to
search through 200 users to find the one i wish to edit.
So is it possible with dialupadmin to add a user and link that user to a group
so you can only list that groups users?
Also is it possible in anyway to make group specific attributes so I wont have
to add SSID restrictions on user level?
I have seen in the source of Freeradius that dialup admin comes with it. I´ve
started to think about testing it.
So do I need to build dialupadmin in the same way I did with OpenSSL and
FreeRadius or did it get installed at the same time as I installed Freeradius?
Also is there anywhere I can read about how to link dialup admin to MySQL etc.?
>
> Freeradius comes with it's own admin GUI - dialup admin. There are also
> outside projects like daloRadius. Or you can make your own using things
> like PHP.
>
> > So then I thought that if i use the table called "radusergroup" and link
> > the user to a specific group it should work in a way that all members of
> > this group may only connect to the network if they try to connect to the
> > correct SSID. It seems that did not work either.
>
> No, it will not work. Groups in sql emulate DEFAULT entries in users file
> - if chack doesn't match, replies are ignored - user is not rejected.
>
> > I am at a loss here and
> > dont really know what I should do.
>
> If you want user to get rejected if SSID doesn't match, you will need to
> make it an entry in radcheck table. As long as the password is there too
> user will be rejected.
>
> Ivan Kalik
Thank you for your time.
Best regards/ Peter Carlstedt
>
>
>
> *************************************************
_________________________________________________________________
Windows Live Hotmail: Your friends can get your Facebook updates, right from
Hotmail®.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html