Re: how to access CallingStationId and CalledStationId propertes in diaup.conf (sql.conf) in a SQL query
Thanks i am find correct name .
On Sat, Mar 23, 2013 at 5:35 PM, Phil Mayers wrote:
> On 03/23/2013 10:31 AM, Mehdi Ravanbakhsh wrote:
>
>> Dear ALL
>>
>> I use this query by calling stored procedure in database :
>>
>> simul_count_query = "SELECT
>> findout_cuncurrent_sessions_**for_a_user('%{User-Name}','%{**
>> NAS-IP-Address}','%{**CalledStationId}','%{**CallingStationId}')"
>>
>> but I can not access to the value of CallingStationId and
>> CalledStationId.
>>
>>
> You've spelt them wrong. They have hyphens in them.
>
> Run "radiusd -X" and look at what it shows you. Amongst other things, it
> will show you the actual attributes in the packet, and these are the names
> you can use.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to access CallingStationId and CalledStationId propertes in diaup.conf (sql.conf) in a SQL query
On 03/23/2013 10:31 AM, Mehdi Ravanbakhsh wrote:
Dear ALL
I use this query by calling stored procedure in database :
simul_count_query = "SELECT
findout_cuncurrent_sessions_for_a_user('%{User-Name}','%{NAS-IP-Address}','%{CalledStationId}','%{CallingStationId}')"
but I can not access to the value of CallingStationId and CalledStationId.
You've spelt them wrong. They have hyphens in them.
Run "radiusd -X" and look at what it shows you. Amongst other things, it
will show you the actual attributes in the packet, and these are the
names you can use.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to access CallingStationId and CalledStationId propertes in diaup.conf (sql.conf) in a SQL query
Dear ALL
I use this query by calling stored procedure in database :
simul_count_query = "SELECT
findout_cuncurrent_sessions_for_a_user('%{User-Name}','%{NAS-IP-Address}','%{CalledStationId}','%{CallingStationId}')"
but I can not access to the value of CallingStationId and CalledStationId.
my radius.log file :
rlm_sql_postgresql: query: SELECT
findout_cuncurrent_sessions_for_a_user('test1','5.190.103.4','','')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: Error invalid input syntax for type inet: ""
rlm_sql_postgresql: Postgresql Fatal Error: [22P02: INVALID TEXT
REPRESENTATION] Occurred!!
rlm_sql (sql) sql_checksimul: Database query failed
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
Title: RE: Assign IP based on CallingStationID.
The idea is to do IP-assignment based on the
Calling-Station-ID and disregarding the
username,password that is passed to radius.
JOhn
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of Collen Blijenberg
Sent: 09 November 2006 15:40
To: FreeRadius users mailing list
Subject: Re: Assign IP based on CallingStationID.
Hmm i tried this, but it ain't working.. ?!
i have:
id - 1
username - blah
attribute - Calling-Stattion-Id
op - ==
value - [mac adress]
still get username ask ?!
no connection.
dunno, what's the idea behinf this query ?
mac = username ?
no username, auth is done true mac ?
Cheers
Collen
John Longland wrote:
>
> authorize_check_query = "select id,UserName,Attribute,Value,op FROM
> ${authcheck_table} WHERE UserName in
> (select UserName from ${authcheck_table} WHERE Value =
> '%{Calling-Station-ID}')
> ORDER BY id"
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assign IP based on CallingStationID.
Hmm i tried this, but it ain't working.. ?!
i have:
id - 1
username - blah
attribute- Calling-Stattion-Id
op- ==
value - [mac adress]
still get username ask ?!
no connection.
dunno, what's the idea behinf this query ?
mac = username ?
no username, auth is done true mac ?
Cheers
Collen
John Longland wrote:
authorize_check_query = "select id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE UserName in
(select UserName from ${authcheck_table} WHERE Value =
'%{Calling-Station-ID}')
ORDER BY id"
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assign IP based on CallingStationID.
Thx Peter, I will try to install 1.1.3 to check sqlippool functions. Peter Nixonn wrote: > > Hi Banga > > We have a large system in production that does almost exactly what you > state. > It can all be done with a few modifications of the sql queries. (Infact we > have a rather complex postgresql stored procedure, but one simpler query > is > possible depending on what you need). > > If you wish to assign dynamic ips, but bound to callingstationid, not > username > this is also possible with sqlippool.. Read the comments in the config > file > in cvs. > > Cheers > > Peter > > On Thu 09 Nov 2006 11:10, banga wrote: >> I use dafault table-layout. >> How I understand you just change username authentication to >> callingstationid authentication inside sql.conf. Thx, it’s really good >> idea. I think that I could do the same by myself, but it will take a >> time. >> Therefore any examples will be very useful. Can you post it here? >> If It’s too big you can send it to me - “nebula-at-inbox-lv”. >> >> >From other side, I need username/password authentication also (for other >> >> users) therefore it will be difficult to implement this ( may be I’ll >> install another freeradius specially for that). >> >> In my situation radius for some users check username/password, for other >> users it should do the next: >> check username/password/callingstationid (in fact username and password >> always the same) >> if callingstationid has specific value (can be dosen specifc >> callingstationid_s) then replay accept and some specific IP for each >> specific callingstationid or just assign ip from radius pool. >> if callingstationid is not in the list of “specific callingstationid” >> then >> just replay accept and NAS will assign ip from equipment’s IP pool >> >> Main Idea: For now most users has the same username and password and it >> is >> not possible to change anything in that. Some callingstationid is not >> friendly for my network (they should have only http traffic). That’s why >> I >> want to assign them IP from specific pool – I going to setup firewall >> rules >> for a such IPs. >> >> Any idea ? >> >> John Longland wrote: >> > Yes, I have just done it. >> > >> > You need to change the sql-statement in /etc/raddb/sql.conf >> > >> > That is the >> > autorize_check_query.Depending on how you use your tables, the query >> > that I am using may or may not work. If you want I can give you the >> > one that works for me if you supply your table-layout. >> > >> > JOhn >> > P.S> The statement I use does NOT check username/password !!! >> > >> > -Original Message- >> > From: >> > [EMAIL PROTECTED] >> > >> [mailto:[EMAIL PROTECTED] >> > org]On Behalf Of banga >> > Sent: 08 November 2006 11:37 >> > To: freeradius-users@lists.freeradius.org >> > Subject: Assign IP based on CallingStationID. >> > >> > >> > >> > Hello all. >> > I use freeradius ver. 1.1.1 + mysql. >> > I use same login/password for couple of users but they has different >> > callingstationid. >> > Is it possible to check callingstationid and asiighn IP based on it? >> > Do I need to create some additional tables in mysql for that? >> > >> > Thx. >> > >> > -- >> > View this message in context: >> > >> http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html >> >#a7 235317 >> > Sent from the FreeRadius - User mailing list archive at Nabble.com. >> > >> > - >> > List info/subscribe/unsubscribe? See >> > http://www.freeradius.org/list/users.html >> > >> > - >> > List info/subscribe/unsubscribe? See >> > http://www.freeradius.org/list/users.html > > -- > > Peter Nixon > http://www.peternixon.net/ > PGP Key: http://www.peternixon.net/public.asc > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257093 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
John , I see the way now.
Thx, for help. I’m going to install test radius in nearest future.
I’ll try to check this query there.
John Longland wrote:
>
>
>
> Here is the query that I put into sql.conf
> Maybe use it and build on it for your
> specific example ??
>
> authorize_check_query = "select id,UserName,Attribute,Value,op FROM
> ${authcheck_table} WHERE UserName in
> (select UserName from ${authcheck_table} WHERE Value =
> '%{Calling-Station-ID}')
> ORDER BY id"
>
> John
>
> -Original Message-
> From:
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> org]On Behalf Of banga
> Sent: 08 November 2006 15:14
> To: freeradius-users@lists.freeradius.org
> Subject: Assign IP based on CallingStationID.
>
>
>
> I use dafault table-layout.
> How I understand you just change username authentication to
> callingstationid
> authentication inside sql.conf. Thx, it’s really good idea. I think that I
> could do the same by myself, but it will take a time.
> Therefore any examples will be very useful. Can you post it here?
> If It’s too big you can send it to me - “nebula-at-inbox-lv”.
>
>>From other side, I need username/password authentication also (for other
> users) therefore it will be difficult to implement this ( may be I’ll
> install another freeradius specially for that).
>
> In my situation radius for some users check username/password, for other
> users it should do the next:
> check username/password/callingstationid (in fact username and password
> always the same)
> if callingstationid has specific value (can be dosen specifc
> callingstationid_s) then replay accept and some specific IP for each
> specific callingstationid or just assign ip from radius pool.
> if callingstationid is not in the list of “specific callingstationid”
> then
> just replay accept and NAS will assign ip from equipment’s IP pool
>
> Main Idea: For now most users has the same username and password and it is
> not possible to change anything in that. Some callingstationid is not
> friendly for my network (they should have only http traffic). That’s why I
> want to assign them IP from specific pool – I going to setup firewall
> rules
> for a such IPs.
>
> Any idea ?
>
>
> John Longland wrote:
>>
>> Yes, I have just done it.
>>
>> You need to change the sql-statement in /etc/raddb/sql.conf
>>
>> That is the
>> autorize_check_query.Depending on how you use your tables, the query
>> that I am using may or may not work. If you want I can give you the
>> one that works for me if you supply your table-layout.
>>
>> JOhn
>> P.S> The statement I use does NOT check username/password !!!
>>
>> -Original Message-
>> From:
>> [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>> org]On Behalf Of banga
>> Sent: 08 November 2006 11:37
>> To: freeradius-users@lists.freeradius.org
>> Subject: Assign IP based on CallingStationID.
>>
>>
>>
>> Hello all.
>> I use freeradius ver. 1.1.1 + mysql.
>> I use same login/password for couple of users but they has different
>> callingstationid.
>> Is it possible to check callingstationid and asiighn IP based on it?
>> Do I need to create some additional tables in mysql for that?
>>
>> Thx.
>>
>> --
>> View this message in context:
>>
> http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7
>> 235317
>> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> --
> View this message in context:
> http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7
> 238235
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
View this message in context:
http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257034
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
Title: RE: Assign IP based on CallingStationID.
Here is the query that I put into sql.conf
Maybe use it and build on it for your
specific example ??
authorize_check_query = "select id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE UserName in
(select UserName from ${authcheck_table} WHERE Value = '%{Calling-Station-ID}')
ORDER BY id"
John
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of banga
Sent: 08 November 2006 15:14
To: freeradius-users@lists.freeradius.org
Subject: Assign IP based on CallingStationID.
I use dafault table-layout.
How I understand you just change username authentication to callingstationid
authentication inside sql.conf. Thx, it’s really good idea. I think that I
could do the same by myself, but it will take a time.
Therefore any examples will be very useful. Can you post it here?
If It’s too big you can send it to me - “nebula-at-inbox-lv”.
>From other side, I need username/password authentication also (for other
users) therefore it will be difficult to implement this ( may be I’ll
install another freeradius specially for that).
In my situation radius for some users check username/password, for other
users it should do the next:
check username/password/callingstationid (in fact username and password
always the same)
if callingstationid has specific value (can be dosen specifc
callingstationid_s) then replay accept and some specific IP for each
specific callingstationid or just assign ip from radius pool.
if callingstationid is not in the list of “specific callingstationid” then
just replay accept and NAS will assign ip from equipment’s IP pool
Main Idea: For now most users has the same username and password and it is
not possible to change anything in that. Some callingstationid is not
friendly for my network (they should have only http traffic). That’s why I
want to assign them IP from specific pool – I going to setup firewall rules
for a such IPs.
Any idea ?
John Longland wrote:
>
> Yes, I have just done it.
>
> You need to change the sql-statement in /etc/raddb/sql.conf
>
> That is the
> autorize_check_query.Depending on how you use your tables, the query
> that I am using may or may not work. If you want I can give you the
> one that works for me if you supply your table-layout.
>
> JOhn
> P.S> The statement I use does NOT check username/password !!!
>
> -Original Message-
> From:
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED].
> org]On Behalf Of banga
> Sent: 08 November 2006 11:37
> To: freeradius-users@lists.freeradius.org
> Subject: Assign IP based on CallingStationID.
>
>
>
> Hello all.
> I use freeradius ver. 1.1.1 + mysql.
> I use same login/password for couple of users but they has different
> callingstationid.
> Is it possible to check callingstationid and asiighn IP based on it?
> Do I need to create some additional tables in mysql for that?
>
> Thx.
>
> --
> View this message in context:
> http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7
> 235317
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7238235
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assign IP based on CallingStationID.
Hi Banga We have a large system in production that does almost exactly what you state. It can all be done with a few modifications of the sql queries. (Infact we have a rather complex postgresql stored procedure, but one simpler query is possible depending on what you need). If you wish to assign dynamic ips, but bound to callingstationid, not username this is also possible with sqlippool.. Read the comments in the config file in cvs. Cheers Peter On Thu 09 Nov 2006 11:10, banga wrote: > I use dafault table-layout. > How I understand you just change username authentication to > callingstationid authentication inside sql.conf. Thx, it’s really good > idea. I think that I could do the same by myself, but it will take a time. > Therefore any examples will be very useful. Can you post it here? > If It’s too big you can send it to me - “nebula-at-inbox-lv”. > > >From other side, I need username/password authentication also (for other > > users) therefore it will be difficult to implement this ( may be I’ll > install another freeradius specially for that). > > In my situation radius for some users check username/password, for other > users it should do the next: > check username/password/callingstationid (in fact username and password > always the same) > if callingstationid has specific value (can be dosen specifc > callingstationid_s) then replay accept and some specific IP for each > specific callingstationid or just assign ip from radius pool. > if callingstationid is not in the list of “specific callingstationid” then > just replay accept and NAS will assign ip from equipment’s IP pool > > Main Idea: For now most users has the same username and password and it is > not possible to change anything in that. Some callingstationid is not > friendly for my network (they should have only http traffic). That’s why I > want to assign them IP from specific pool – I going to setup firewall rules > for a such IPs. > > Any idea ? > > John Longland wrote: > > Yes, I have just done it. > > > > You need to change the sql-statement in /etc/raddb/sql.conf > > > > That is the > > autorize_check_query.Depending on how you use your tables, the query > > that I am using may or may not work. If you want I can give you the > > one that works for me if you supply your table-layout. > > > > JOhn > > P.S> The statement I use does NOT check username/password !!! > > > > -Original Message- > > From: > > [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > org]On Behalf Of banga > > Sent: 08 November 2006 11:37 > > To: freeradius-users@lists.freeradius.org > > Subject: Assign IP based on CallingStationID. > > > > > > > > Hello all. > > I use freeradius ver. 1.1.1 + mysql. > > I use same login/password for couple of users but they has different > > callingstationid. > > Is it possible to check callingstationid and asiighn IP based on it? > > Do I need to create some additional tables in mysql for that? > > > > Thx. > > > > -- > > View this message in context: > > http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html > >#a7 235317 > > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpInTxeufq3c.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. >From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: > > Yes, I have just done it. > > You need to change the sql-statement in /etc/raddb/sql.conf > > That is the > autorize_check_query.Depending on how you use your tables, the query > that I am using may or may not work. If you want I can give you the > one that works for me if you supply your table-layout. > > JOhn > P.S> The statement I use does NOT check username/password !!! > > -Original Message- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > org]On Behalf Of banga > Sent: 08 November 2006 11:37 > To: freeradius-users@lists.freeradius.org > Subject: Assign IP based on CallingStationID. > > > > Hello all. > I use freeradius ver. 1.1.1 + mysql. > I use same login/password for couple of users but they has different > callingstationid. > Is it possible to check callingstationid and asiighn IP based on it? > Do I need to create some additional tables in mysql for that? > > Thx. > > -- > View this message in context: > http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 > 235317 > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7254733 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. >From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: > > Yes, I have just done it. > > You need to change the sql-statement in /etc/raddb/sql.conf > > That is the > autorize_check_query.Depending on how you use your tables, the query > that I am using may or may not work. If you want I can give you the > one that works for me if you supply your table-layout. > > JOhn > P.S> The statement I use does NOT check username/password !!! > > -Original Message- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > org]On Behalf Of banga > Sent: 08 November 2006 11:37 > To: freeradius-users@lists.freeradius.org > Subject: Assign IP based on CallingStationID. > > > > Hello all. > I use freeradius ver. 1.1.1 + mysql. > I use same login/password for couple of users but they has different > callingstationid. > Is it possible to check callingstationid and asiighn IP based on it? > Do I need to create some additional tables in mysql for that? > > Thx. > > -- > View this message in context: > http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 > 235317 > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7238235 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
Title: RE: Assign IP based on CallingStationID. Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S> The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]. org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assign IP based on CallingStationID.
Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
=?iso-8859-1?Q?Bj=F8rn_Mork?= <[EMAIL PROTECTED]> wrote: > Miguel <[EMAIL PROTECTED]> writes: > > > 1706382 | mmiranda | Calling-Station-Id | ~= | > > 226601[0-9][0-9]$|22793045$|22934240$ From doc/rlm_sql: =~ "Attribute =~ Expression" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
Miguel <[EMAIL PROTECTED]> writes:
> radius=# select * from radcheck where username = 'mmiranda';
> id| username | attribute | op | value
> -+--+++---
> 1706382 | mmiranda | Calling-Station-Id | ~= |
> 226601[0-9][0-9]$|22793045$|22934240$
> 1706381 | mmiranda | User-Password | == | americatel
> (2 rows)
>
>
> Wed Apr 19 11:32:14 2006 : Auth: Login incorrect:
> [mmiranda/americatel] (from client private-network port 0 cli 22660124)
> Wed Apr 19 11:32:15 2006 : Info: rlm_sql (sql): No matching entry in
> the database for request from user [mmiranda]
That's weird. I don't know the FreeRadius regexp internals, but the
re work as expected when I test it with perl:
[EMAIL PROTECTED]:~$ perl -e 'foreach (@ARGV) {print "$_\n" if
/226601[0-9][0-9]$|22793045$|22934240$/}' 22660124 22793045 50322793045
227930453 2266
22660124
22793045
50322793045
Bjørn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
Bjørn Mork wrote: Miguel <[EMAIL PROTECTED]> writes: Bjørn Mork wrote: You could either modify your regexp to allow any number ending in the 8 wanted digits, How do i do that?, remberber that the fist group its a pbx, 100 callinstationids, i think i need some regexp example for this case. Just removing the ^'s should do it. Like Value: 226621[0-9][0-9]$|22793045$|22934240$ Bjørn, that regexp didnt work, i made a test with a generic user (mmiranda) and same result radius=# select * from radcheck where username = 'mmiranda'; id| username | attribute | op | value -+--+++--- 1706382 | mmiranda | Calling-Station-Id | ~= | 226601[0-9][0-9]$|22793045$|22934240$ 1706381 | mmiranda | User-Password | == | americatel (2 rows) Wed Apr 19 11:32:14 2006 : Auth: Login incorrect: [mmiranda/americatel] (from client private-network port 0 cli 22660124) Wed Apr 19 11:32:15 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [mmiranda] Wed Apr 19 11:32:15 2006 : Auth: Login incorrect: [mmiranda/americatel] (from client private-network port 0 cli 22660124) Wed Apr 19 11:32:15 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [mmiranda] Wed Apr 19 11:32:15 2006 : Auth: Login incorrect: [mmiranda/americatel] (from client private-network port 0 cli 22660124) --- Miguel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
Miguel <[EMAIL PROTECTED]> writes: > Bjørn Mork wrote: > >>You could either modify your regexp to allow any number ending in the >> 8 wanted digits, >> >> >> > How do i do that?, remberber that the fist group its a pbx, 100 > callinstationids, i think i need some regexp example for this case. Just removing the ^'s should do it. Like Value: 226621[0-9][0-9]$|22793045$|22934240$ Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
Bjørn Mork wrote: Miguel <[EMAIL PROTECTED]> writes: Hi, im trying to configure a check that 1315 username will be allowed to connect only from a particular list of callinstationids, so i added a Calling-Station-Id attribute to the radcheck table, this are my filter's details username: 1315 list of callingstationids: - from 22662100 to 22662199 (this is a pbx) - 22793045 - 22934240 the attribute was entered like this: username: 1315 attribute: Calling-Station-Id Op: ~= Value: ^226621[0-9][0-9]$|^22793045$|^22934240$ But i always get acces denied: Tue Apr 18 15:38:04 2006 : Auth: Login incorrect: [1315/1315] (from client private-network port 0 cli 50322793045) Looks like 503 is prepended to the value you expect in Calling-Station-Id. Maybe some prefix added by the PBX? you are right, its my fuault, i edited the info i sent to the list, please ignore the 503 prefix, it shouldnt be there. You could either modify your regexp to allow any number ending in the 8 wanted digits, How do i do that?, remberber that the fist group its a pbx, 100 callinstationids, i think i need some regexp example for this case. thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: callingstationid filter and regexp
Miguel <[EMAIL PROTECTED]> writes: > Hi, im trying to configure a check that 1315 username will be allowed > to connect only from a particular list of callinstationids, so i added > a Calling-Station-Id attribute to the radcheck table, this are my > filter's details > > username: 1315 > > list of callingstationids: > - from 22662100 to 22662199 (this is a pbx) > - 22793045 > - 22934240 > > the attribute was entered like this: > > username: 1315 > attribute: Calling-Station-Id > Op: ~= > Value: ^226621[0-9][0-9]$|^22793045$|^22934240$ > > But i always get acces denied: > Tue Apr 18 15:38:04 2006 : Auth: Login incorrect: [1315/1315] (from > client private-network port 0 cli 50322793045) Looks like 503 is prepended to the value you expect in Calling-Station-Id. Maybe some prefix added by the PBX? You could either modify your regexp to allow any number ending in the 8 wanted digits, our explicitly allow 503 as prefix. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
callingstationid filter and regexp
Hi, im trying to configure a check that 1315 username will be allowed to connect only from a particular list of callinstationids, so i added a Calling-Station-Id attribute to the radcheck table, this are my filter's details username: 1315 list of callingstationids: - from 22662100 to 22662199 (this is a pbx) - 22793045 - 22934240 the attribute was entered like this: username: 1315 attribute: Calling-Station-Id Op: ~= Value: ^226621[0-9][0-9]$|^22793045$|^22934240$ But i always get acces denied: Tue Apr 18 15:38:04 2006 : Auth: Login incorrect: [1315/1315] (from client private-network port 0 cli 50322793045) Tue Apr 18 15:38:20 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [1315] Tue Apr 18 15:38:20 2006 : Auth: Login incorrect: [1315/1315] (from client private-network port 0 cli 50322793045) Tue Apr 18 15:39:09 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [1315] Tue Apr 18 15:39:09 2006 : Auth: Login incorrect: [1315/1315] (from client private-network port 0 cli 50322793045) Tue Apr 18 15:39:24 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [1315] Tue Apr 18 15:39:24 2006 : Auth: Login incorrect: [1315/1315] (from client private-network port 0 cli 50322793045) Is my regexp mistyped? or am i using the wrong op? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CallingStationId
"Wassim abbas" <[EMAIL PROTECTED]> wrote: > Thank you for your reply , i just don't know how to do it , if you > please , can you give me some info or docs? Ask the people who wrote the PPP programs. I didn't write them, I don't use them, and I know nothing about them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CallingStationId
Dear Alan Thank you for your reply , i just don't know how to do it , if you please , can you give me some info or docs? regards On 4/2/06, Alan DeKok <[EMAIL PROTECTED]> wrote: > "Mordor Networks" <[EMAIL PROTECTED]> wrote: > > I used to handle pppoe connections on freebsd, and when a connection is > > established, the field "CallingStationId" of the radacct table on mysql > had > > the mac address of the calling user. > > > > rp-pppoe (or maybe linux pppd) seems not to do this by default and the > field > > in question is left blank. Does anybody know a way to solve this? > > Update the PPP program to send the MAC address in the > Calling-Station-Id attribute. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Network / Systems Administrator Mobile : 961-70-980578 Telephone : 961-147-83-90 Email : [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CallingStationId
Hello, I finally have a working rp-pppoe+pppd+linux+radius+mysql setup handling lots of connections :) I used to handle pppoe connections on freebsd, and when a connection is established, the field "CallingStationId" of the radacct table on mysql had the mac address of the calling user. rp-pppoe (or maybe linux pppd) seems not to do this by default and the field in question is left blank. Does anybody know a way to solve this? Thanks in advance.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CallingStationId
"Mordor Networks" <[EMAIL PROTECTED]> wrote: > I used to handle pppoe connections on freebsd, and when a connection is > established, the field "CallingStationId" of the radacct table on mysql had > the mac address of the calling user. > > rp-pppoe (or maybe linux pppd) seems not to do this by default and the field > in question is left blank. Does anybody know a way to solve this? Update the PPP program to send the MAC address in the Calling-Station-Id attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reject connections based on CallingStationId
In huntgroups; denygroup Calling-Station-ID =~ ".*0606" SQL-Group == deny and then in the "groupcheck" table in your sql database add; GroupnameAttributeopValue deny Auth-Type:=Reject Should do the trick. Although make sure your radius.conf is configured properly to use the huntgroup file. Good Luck! Ernesto Freyre Ramírez wrote: Dear admins: Please how I could to configure free radius with mysql for rejecting users only based on CallingStationId value? Thank you for hints about this issue. Regards *Ernesto Freyre Ramírez* Jefe de Operaciones /*Qnet Soluciones Tecnológicas*/ Jr. Natalio Sánchez 220, Of. 401 - Lima 11 Telf.: (511) 431-6565 Anexo 2245 Fax: (511) 431-7113 Visítenos en: /www.qnet.com.pe/ <http://www.qnet.com.pe> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Richard Marriner IIMaingear.Net Sr. Network Consultant I.T. Consulting [EMAIL PROTECTED] www.maingear.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reject connections based on CallingStationId
Dear admins: Please how I could to configure free radius with mysql for rejecting users only based on CallingStationId value? Thank you for hints about this issue. Regards Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasJr. Natalio Sánchez 220, Of. 401 - Lima 11Telf.: (511) 431-6565 Anexo 2245Fax: (511) 431-7113 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authenticating with CallingStationId only
Thanks, I'll try that. Patrik Backentoft Alan DeKok wrote: Patrik Backentoft <[EMAIL PROTECTED]> wrote: is this possible at all, i.e. not entering user name and password and only use CallingStationId? yes. DEFAULT Calling-Station-Id == "foo", Auth-Type := Accept Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html begin:vcard fn:Patrik Backentoft n:Backentoft;Patrik org:Intelligent Applications AB adr;quoted-printable;dom:;;G=C3=B6tgatan 60;Stockholm;;11826 email;internet:[EMAIL PROTECTED] title:Product Manager tel;work:+46855609852 tel;fax:+46855609848 tel;cell:+46733528502 x-mozilla-html:TRUE url:http://www.inapm2m.se | www.inap.se version:2.1 end:vcard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authenticating with CallingStationId only
Patrik Backentoft <[EMAIL PROTECTED]> wrote: > is this possible at all, i.e. not entering user name and password and > only use CallingStationId? yes. DEFAULT Calling-Station-Id == "foo", Auth-Type := Accept Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authenticating with CallingStationId only
Hello, We have set up a FreeRADIUS for authenticating GPRS-users. However, we would like to authenticate based on CallingStationId only, i.e. not ask users to enter either user-name or password on a Mobile Station level. We are connected to a NAS sending us "void/void" if user/pw is not entered, and of course, the NAS sends the CallingStationId. For a number of practical reasons, we would like to use the CallingStationId when authenticating. My questions are: is this possible at all, i.e. not entering user name and password and only use CallingStationId? A few hints on where to modify, in order to avoid having the request rejected due to no user-name as is the case now. Thanks in advance, Patrik Backentoft begin:vcard fn:Patrik Backentoft n:Backentoft;Patrik org:Intelligent Applications AB adr;quoted-printable;dom:;;G=C3=B6tgatan 60;Stockholm;;11826 email;internet:[EMAIL PROTECTED] title:Product Manager tel;work:+46855609852 tel;fax:+46855609848 tel;cell:+46733528502 x-mozilla-html:TRUE url:http://www.inapm2m.se | www.inap.se version:2.1 end:vcard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: controlling the auth by CallingStationId
The attribute "Calling-Station-Id" is already defined as a checkItem, you should add it to a user or group profile using the operator ":=" HTH - Original Message - From: "Ernesto Freyre Ramírez" <[EMAIL PROTECTED]> To: Sent: Monday, May 30, 2005 9:48 AM Subject: controlling the auth by CallingStationId > Dear Sirs, please , I hope someone here could to help me, > I wish to control the authentication process by including a check of the > CallingStationId parameter, being some generic features of it, or also all > the value of the same, please some hint aboout where I must to configure > this task? > > Thank you > > Ernesto Freyre Ramírez > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
controlling the auth by CallingStationId
Dear Sirs, please , I hope someone here could to help me, I wish to control the authentication process by including a check of the CallingStationId parameter, being some generic features of it, or also all the value of the same, please some hint aboout where I must to configure this task? Thank you Ernesto Freyre Ramírez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication based on CallingStationId and UserName.
Hi, Can somebody help. I have instances of three groups created i.e. Prepaid_Monthly, CorpMonthly and Staff_Monthly. I used the sqlcounter to restrict the time Max-Session-Time for each group. However, group Staff_Monthly are staff or corporate member of the Business group and they enjoy toll free from the telcos. And they have their own callingstationid different from others. If a user now buy from the prepaid that is cheaper which belong to group Staff_Monthly card, I want access-reject for any other user of other groups who want to use another telcos number to connect to the internet. Can someone advise on how to go about it. What I need to do is how to reject Staff_Monthly users that want to use a card that is meant for the Prepaid_Monthly and CorpMonthly (because their Card is cheap but the telco tariff is at their own expense)to connect to the network. Ade - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with characters in CallerStationId and CallingStationId
On Sat, 26 Feb 2005 [EMAIL PROTECTED] wrote: Hello to all, I use mssql.conf i don?t found the directive safe-characters. I have to do something in special. Copy the directive from sql.conf. mssql.conf was just not updated to include it. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with characters in CallerStationId and CallingStationId
Hello to all, I use mssql.conf i don´t found the directive safe-characters. I have to do something in special. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with CalledStationId and CallingStationId
Please send PLAIN TEXT mails! Look at the allowed_characters configuration in sql.conf -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be - Original Message - From: vicente barrientos To: freeradius-users@lists.freeradius.org Sent: Monday, January 31, 2005 4:25 PM Subject: Problems with CalledStationId and CallingStationId Hello. I have problems with CalledStationId and CallingStationId, The GW send 1234#51195252522 but Mysql receive 1234=2351195252522. Someone can help me. thanks a lot Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, YupiMSN Compras: Haz clic aquí... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with CalledStationId and CallingStationId
Hello. I have problems with CalledStationId and CallingStationId, The GW send 1234#51195252522 but Mysql receive 1234=2351195252522. Someone can help me. thanks a lot Las mejores tiendas, los precios mas bajos, entregas en todo el mundo, YupiMSN Compras: Haz clic aquí... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
On 1 Sep 2004 at 8:34, Keith Yoder wrote:
> I changed the default SQL queries to do this. I'll try to explain how
> (using MySQL).
>
> First I created a table to store the bad CallingStationIDs.
>
> CREATE TABLE `bad_callingstationids` (
> `CALLINGSTATIONID` varchar(18) NOT NULL default '',
> `OBSERVATION` varchar(100) NOT NULL default '',
> PRIMARY KEY (`CALLINGSTATIONID`)
> )
>
ok create the table.. here I will add something like:
CREATE TABLE `bad_callingstationids` (
`callingstationid` varchar(18) NOT NULL default '',
`id_calledstationid` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`callingstationid`)
)
CREATE TABLE `calledstationids` (
`calledstationid` varchar(18) NOT NULL default '',
`900number` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`calledstationid`)
)
so I could separate the also that number from the line is coming.
> Then I changed the authorize_check_query in the sql.conf file to this:
>
> SELECT id,UserName,Attribute,Value,op
> FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
> '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
> WHERE Username = '%{SQL-User-Name}' AND
> bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
>
>
Understood, but I have a problem maybe you know a way, I should allow any
username or password to log, but I need to block some callingstationids if they due
their time, and I am thinking a way to structure the authorize_check_query and the
reply to let any login or pass, I just need login with a sufix. like
:DEFAULTSuffix == "mx", Auth-Type := Accept
Service-Type = Framed-User,
Framed-Protocol = PPP,
Session-Timeout=900,
Idle-Timeout = 900
and then do a selection of bad_callingstationids (callingstationid AND
calledstationid)
> Hope that's understandable,
> Keith Yoder
Tnx for your help Keith, intersting aprouch, that made me make some tests! >)
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] escreveu:
I could ban or reject a specific CallingStationID? , the only examples I seen is on a
specific user or group of users, on file /etc/users
...
and I think it worked just fine, the question now is, I could have this Called, and
Calling stations id in a sql table, so my script for blocking/baning Called or Calling
would be in a sql table and not restart radius each time I add a new rule on users file
I changed the default SQL queries to do this. I'll try to explain how
(using MySQL).
First I created a table to store the bad CallingStationIDs.
CREATE TABLE `bad_callingstationids` (
`CALLINGSTATIONID` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`CALLINGSTATIONID`)
)
Then I changed the authorize_check_query in the sql.conf file to this:
SELECT id,UserName,Attribute,Value,op
FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
'%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
WHERE Username = '%{SQL-User-Name}' AND
bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
Hope that's understandable,
Keith Yoder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users Some nice friends on the list told me to try: DEFAULTCalling-Station-Id =~"8183635958", Auth-Type :=Reject I tried it and it works, I tried also some things like DEFAULT Called-Station-Id =="4700",Auth-Type :=Reject DEFAULT Calling-Station-Id =="8183635958", Called-Station-Id =="4700",Auth- Type :=Reject and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] wrote: > I could ban or reject a specific CallingStationID? , the only > examples I seen is on a specific user or group of users, on file > /etc/users I think (never did this) that this should do it if you put it at the beginning of the users file: DEFAULT Auth-Type := Reject, Calling-Station-Id == "." -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users There is another option am trying doing a snmp command via the nas and drop each time it connects, but I think is not the best option. Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
