Re: Rejecting CallingStationId
On 1 Sep 2004 at 8:34, Keith Yoder wrote: > I changed the default SQL queries to do this. I'll try to explain how > (using MySQL). > > First I created a table to store the bad CallingStationIDs. > > CREATE TABLE `bad_callingstationids` ( > `CALLINGSTATIONID` varchar(18) NOT NULL default '', > `OBSERVATION` varchar(100) NOT NULL default '', > PRIMARY KEY (`CALLINGSTATIONID`) > ) > ok create the table.. here I will add something like: CREATE TABLE `bad_callingstationids` ( `callingstationid` varchar(18) NOT NULL default '', `id_calledstationid` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`callingstationid`) ) CREATE TABLE `calledstationids` ( `calledstationid` varchar(18) NOT NULL default '', `900number` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`calledstationid`) ) so I could separate the also that number from the line is coming. > Then I changed the authorize_check_query in the sql.conf file to this: > > SELECT id,UserName,Attribute,Value,op > FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON > '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID > WHERE Username = '%{SQL-User-Name}' AND > bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id > > Understood, but I have a problem maybe you know a way, I should allow any username or password to log, but I need to block some callingstationids if they due their time, and I am thinking a way to structure the authorize_check_query and the reply to let any login or pass, I just need login with a sufix. like :DEFAULTSuffix == "mx", Auth-Type := Accept Service-Type = Framed-User, Framed-Protocol = PPP, Session-Timeout=900, Idle-Timeout = 900 and then do a selection of bad_callingstationids (callingstationid AND calledstationid) > Hope that's understandable, > Keith Yoder Tnx for your help Keith, intersting aprouch, that made me make some tests! >) > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] escreveu: I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users ... and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file I changed the default SQL queries to do this. I'll try to explain how (using MySQL). First I created a table to store the bad CallingStationIDs. CREATE TABLE `bad_callingstationids` ( `CALLINGSTATIONID` varchar(18) NOT NULL default '', `OBSERVATION` varchar(100) NOT NULL default '', PRIMARY KEY (`CALLINGSTATIONID`) ) Then I changed the authorize_check_query in the sql.conf file to this: SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID WHERE Username = '%{SQL-User-Name}' AND bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id Hope that's understandable, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users Some nice friends on the list told me to try: DEFAULTCalling-Station-Id =~"8183635958", Auth-Type :=Reject I tried it and it works, I tried also some things like DEFAULT Called-Station-Id =="4700",Auth-Type :=Reject DEFAULT Calling-Station-Id =="8183635958", Called-Station-Id =="4700",Auth- Type :=Reject and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] wrote: > I could ban or reject a specific CallingStationID? , the only > examples I seen is on a specific user or group of users, on file > /etc/users I think (never did this) that this should do it if you put it at the beginning of the users file: DEFAULT Auth-Type := Reject, Calling-Station-Id == "." -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users There is another option am trying doing a snmp command via the nas and drop each time it connects, but I think is not the best option. Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html