[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Turn of user acc - MySQL
From: "Marinko Tarlac" <mangia81 () gmail ! com>
Date: 2007-10-31 8:25:34
Message-ID: 41e5b64f0710310125q50c5075ie3581a988bcb3907 () mail ! gmail ! com
[Download RAW message or body]
Subject: Re: Turn of user acc - MySQL
>
> Deleting user from the database - bad idea. You do want him back?
I have users inside another table (name, address, id etc..) and only
those who need access I transfer to radcheck table. So if I remove
them from radcheck, I can easily turn them back.
>
> Auth-Type Reject is a check item so it would go into rad(group)check
> table. It's better to create a group for suspended users and swithch
> user to it than to add the attribute to each user.
>
> Think about using sqlcounters and/or Epiration attribute.
Good ideas so I will think about it...
Best regards
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 30/10/2007, "Marinko Tarlac" <mangia81@gmail.com> pi?e:
>
> > Hello
> >
> > I made small web based application and it uses MySql database. I can
> > add user accounts, create packages, add access points etc and now I
> > need to create script for user control.
> >
> > Question is next. Is it better to remove the username from radcheck
> > table or it is better option to add access-reject atribute for
> > specific user in radreply table. Is there any better solution. Also
> > I'm thinking to create small perl script which I can call during auth
> > process.
> >
> > I'm not sure did you understand me :)
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 31 Oct 2007 11:53:23 +1000 (EST)
> From: David Hobley <david.hobley@mionegroup.com>
> Subject: Re: Configure authentication via LDAP Group membership issue
> [sec=unclassified]
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID: <3661210.62301193795603796.JavaMail.root@mail.onegrp.com>
> Content-Type: text/plain; charset="utf-8"
>
> Frank,
>
> Thank you - greatly appreciated. This made me realise that my thinking was foggy \
> when I had defined group memberships. All working now.
> Cheers,
> David
> ----- Original Message -----
> From: "Frank MR Ranner" <Frank.Ranner@defence.gov.au>
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Sent: Wednesday, 31 October 2007 10:20:36 AM (GMT+1000) Australia/Brisbane
> Subject: RE: Configure authentication via LDAP Group membership issue \
> [sec=unclassified]
> ...
> _______________________________
>
> The memberUid attribute in a posixgroup is supposed to hold the uid, not
> the uidNumber. That would make your groupmembership_filter =
> "(memberUid=%{User-Name})" or more robustly,
> groupmembership_filter =
> "(&(memberUid=%{Stripped-User-Name:-%{User-Name}})(objectClass=posixGrou
> p))"
>
> Regards,
> Frank Ranner
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20071031/258fde31/attachment.html>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 30, Issue 117
> *************************************************
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic