Re: Rejecting CallingStationId
On 1 Sep 2004 at 8:34, Keith Yoder wrote:
> I changed the default SQL queries to do this. I'll try to explain how
> (using MySQL).
>
> First I created a table to store the bad CallingStationIDs.
>
> CREATE TABLE `bad_callingstationids` (
> `CALLINGSTATIONID` varchar(18) NOT NULL default '',
> `OBSERVATION` varchar(100) NOT NULL default '',
> PRIMARY KEY (`CALLINGSTATIONID`)
> )
>
ok create the table.. here I will add something like:
CREATE TABLE `bad_callingstationids` (
`callingstationid` varchar(18) NOT NULL default '',
`id_calledstationid` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`callingstationid`)
)
CREATE TABLE `calledstationids` (
`calledstationid` varchar(18) NOT NULL default '',
`900number` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`calledstationid`)
)
so I could separate the also that number from the line is coming.
> Then I changed the authorize_check_query in the sql.conf file to this:
>
> SELECT id,UserName,Attribute,Value,op
> FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
> '%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
> WHERE Username = '%{SQL-User-Name}' AND
> bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
>
>
Understood, but I have a problem maybe you know a way, I should allow any
username or password to log, but I need to block some callingstationids if they due
their time, and I am thinking a way to structure the authorize_check_query and the
reply to let any login or pass, I just need login with a sufix. like
:DEFAULTSuffix == "mx", Auth-Type := Accept
Service-Type = Framed-User,
Framed-Protocol = PPP,
Session-Timeout=900,
Idle-Timeout = 900
and then do a selection of bad_callingstationids (callingstationid AND
calledstationid)
> Hope that's understandable,
> Keith Yoder
Tnx for your help Keith, intersting aprouch, that made me make some tests! >)
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] escreveu:
I could ban or reject a specific CallingStationID? , the only examples I seen is on a
specific user or group of users, on file /etc/users
...
and I think it worked just fine, the question now is, I could have this Called, and
Calling stations id in a sql table, so my script for blocking/baning Called or Calling
would be in a sql table and not restart radius each time I add a new rule on users file
I changed the default SQL queries to do this. I'll try to explain how
(using MySQL).
First I created a table to store the bad CallingStationIDs.
CREATE TABLE `bad_callingstationids` (
`CALLINGSTATIONID` varchar(18) NOT NULL default '',
`OBSERVATION` varchar(100) NOT NULL default '',
PRIMARY KEY (`CALLINGSTATIONID`)
)
Then I changed the authorize_check_query in the sql.conf file to this:
SELECT id,UserName,Attribute,Value,op
FROM ${authcheck_table} LEFT JOIN bad_callingstationids ON
'%{Calling-Station-Id}' = bad_callingstationids.CALLINGSTATIONID
WHERE Username = '%{SQL-User-Name}' AND
bad_callingstationids.CALLINGSTATIONID IS NULL ORDER BY id
Hope that's understandable,
Keith Yoder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users Some nice friends on the list told me to try: DEFAULTCalling-Station-Id =~"8183635958", Auth-Type :=Reject I tried it and it works, I tried also some things like DEFAULT Called-Station-Id =="4700",Auth-Type :=Reject DEFAULT Calling-Station-Id =="8183635958", Called-Station-Id =="4700",Auth- Type :=Reject and I think it worked just fine, the question now is, I could have this Called, and Calling stations id in a sql table, so my script for blocking/baning Called or Calling would be in a sql table and not restart radius each time I add a new rule on users file Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rejecting CallingStationId
[EMAIL PROTECTED] wrote: > I could ban or reject a specific CallingStationID? , the only > examples I seen is on a specific user or group of users, on file > /etc/users I think (never did this) that this should do it if you put it at the beginning of the users file: DEFAULT Auth-Type := Reject, Calling-Station-Id == "." -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rejecting CallingStationId
I could ban or reject a specific CallingStationID? , the only examples I seen is on a specific user or group of users, on file /etc/users There is another option am trying doing a snmp command via the nas and drop each time it connects, but I think is not the best option. Thanks Armando Leal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
