(RADIATOR) Users Blacklists
Rolando Riley
rriley at ayayai.com
Wed Jun 12 13:52:09 CDT 2002
Hi Hugh:
Well, this time I want to configure a users blacklist, and what I want to do
is simple:
1) Every time I have a request, this list (BLACKLIST) will be checked. If the
user is found, the request is rejected.
NO further queries should be performed after the user is rejected.
2) If the user isn't found, then the authentication should be done against
the LDAP uid and userPassword attributes.
I have searched the mailing lists and have found something very similar
that was done against "calling station id". For some reason, although the
user is being found on the BLACKLIST, Radiator continues the searching
and auth process over LDAP. What could I have been doing wrong?
Here is the output of the Check-Users file
---------------------------------------------
# Default entry to check the BLACKLIST table
DEFAULT Auth-Type = VE_blacklist
Here is a snippet of my radius.cfg
----------------------
<AuthBy SQL>
Identifier VE_blacklist
DBSource ......
DBUsername ......
DBAuth ......
AuthSelect select "REJECT" from BLACKLIST \
where USERNAME='%n'
AccountingTable
</AuthBy>
<AuthBy FILE>
Identifier CheckUSERS
Filename %D/Check-Users
# NoDefaultIfFound
AcceptIfMissing
</AuthBy>
<AuthBy LDAP2>
Identifier CheckLDAP
Host ......
AuthDN ......
AuthPassword ......
BaseDN ......
UsernameAttr uid
PasswordAttr userPassword
</AuthBy>
<Realm>
UsernameCharset a-zA-Z0-9\._@-
MaxSessions 1
RewriteUsername tr/A-Z/a-z/
AuthByPolicy ContinueWhileAccept
AuthBy CheckUSERS
AuthBy CheckLDAP
AcctLogFileName %L/detailu
</Realm>
------------------------------
Here is a trace (debug level 4) of a test:
---------------------
Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='rriley'
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with
rriley
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST
where USERNAME='rriley'
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with rriley
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST
where USERNAME='DEFAULT'
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with
rriley
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32768 ....
Code: Access-Accept
Identifier: 99
Authentic: 1234567890123456
Attributes:
-----------------
cheers,
-----------------------------------
Ing. Rolando Riley
Systems Manager
AYAYAI.COM S.A.
Tel: (507) 265-2424 ext. 408
-----------------------------------
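
A check that can be run over Radiator debug traces like the one in the message above, flagging requests where a blacklist AuthBy logged REJECT and the request still ended in "Access accepted". This is an added example, not part of the original post or of Radiator; the sample trace is constructed from the post's log format, and the "Access rejected for" line used as a request boundary is an assumption.

```python
import re

# Constructed sample, modelled on the debug trace quoted in the post.
SAMPLE_TRACE = """\
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with
rriley
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
Wed Jun 12 04:58:01 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Wed Jun 12 04:58:01 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jun 12 04:58:01 2002: DEBUG: Access accepted for alice
"""

STAMP = re.compile(r"^\w{3} \w{3}\s+\d{1,2} [\d:]{8} \d{4}: \w+: (.*)$")
HANDLING = re.compile(r"^Handling with (Radius::\w+): (\S+)")
VERDICT = re.compile(r"^(Radius::\w+) (REJECT|ACCEPT):")
# "accepted" appears in the post's trace; the "rejected" form is assumed.
FINAL = re.compile(r"^Access (accepted|rejected) for (\S+)")

def messages(trace):
    """Yield log messages, re-joining lines that were wrapped in the mail."""
    current = None
    for line in trace.splitlines():
        m = STAMP.match(line)
        if m:
            if current is not None:
                yield current
            current = m.group(1)
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def overridden_rejects(trace, blacklist_ids=("VE_blacklist",)):
    """Return (user, identifier) for accepts that followed a blacklist REJECT."""
    findings, ident_of, rejected = [], {}, []
    for msg in messages(trace):
        if (m := HANDLING.match(msg)):
            ident_of[m.group(1)] = m.group(2)  # module class -> Identifier
        elif (m := VERDICT.match(msg)):
            ident = ident_of.get(m.group(1))
            if m.group(2) == "REJECT" and ident in blacklist_ids:
                rejected.append(ident)
        elif (m := FINAL.match(msg)):
            if m.group(1) == "accepted":
                findings += [(m.group(2).rstrip(":"), i) for i in rejected]
            ident_of, rejected = {}, []  # request finished, reset state
    return findings
```
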