[RADIATOR] Rejection of access request if mac address in Sql table

Martin Burton mvb at sanger.ac.uk
Mon Dec 7 10:06:20 CST 2009


Hi Alex,

I may be missing some subtle difference here, but wouldn't
ContinueUntilReject demonstrate the behaviour you require?

Cheers,

Martin.


Alex Sharaz wrote:
> Hi,
> 
> I currently use a mysql database to authenticate our wired and wireless 
> network users. At the moment, if we detect  an infected machine on our campus 
> network, we change the radius password of that user and block network access 
> until they've fixed their machine. What we'd like to do is change this 
> slightly so that we block their access from the infected machine but allow 
> them  access from any other one.
> 
> What I've currently got is an authBy SQL statement with
> 
> AuthSelect Select password from subscribers where username=%0
> 
> AuthColumnDef 0,User-Password,check
> 
> 
> I sort of thinking that  i could meet the extra requirement of blocking access 
> from a specific mac address with an authby group consisting of two authby sql 
> statements.
> 
> Statement 1 would check for the presence of the calling station maca address 
> in a table called blockedmacs. If it exists, send an access-reject. If it 
> doesn't, drop down to
> 
> Statement 2 which implements the authby statement outlined above.
> 
> My only problem is the 1st authby clause in the group. If I use a 
> continueWhileAccept  statement to define whether to drop through to the second 
> authby statement I need to have the 1st authby statement return an access 
> accept if the mac address isn't in the blockedmacs table, which is the 
> opposite of what it would do normally.
> 
> 
> How would i implement the 1st authby statement
> 
> Rgds
> Alex
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

-- 
Martin Burton
Senior Systems Administrator               \\\|||///
Special Projects Team                     \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
                                  http://www.sanger.ac.uk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://www.open.com.au/pipermail/radiator/attachments/20091207/ecd31fb8/attachment.bin 


More information about the radiator mailing list