'Re: Turn of user acc - MySQL'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Turn of user acc - MySQL
From:       "Marinko Tarlac" <mangia81 () gmail ! com>
Date:       2007-10-31 8:25:34
Message-ID: 41e5b64f0710310125q50c5075ie3581a988bcb3907 () mail ! gmail ! com
[Download RAW message or body]

Subject: Re: Turn of user acc - MySQL
> 
> Deleting user from the database - bad idea. You do want him back?

I have users inside another table (name, address, id etc..) and only
those who need access I transfer to radcheck table. So if I remove
them from radcheck, I can easily turn  them back.

> 
> Auth-Type Reject is a check item so it would go into rad(group)check
> table.  It's better to create a group for suspended users and swithch
> user to it than to add the attribute to each user.
> 
> Think about using sqlcounters and/or Epiration attribute.

Good ideas so I will think about it...

Best regards

> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 30/10/2007, "Marinko Tarlac" <mangia81@gmail.com> pi?e:
> 
> > Hello
> > 
> > I made small web based application and it uses MySql database. I can
> > add user accounts, create packages, add access points etc and now I
> > need to create script for user control.
> > 
> > Question is next. Is it better to remove the username from radcheck
> > table or it is better option to add access-reject atribute for
> > specific user in radreply table. Is there any better solution. Also
> > I'm thinking to create small perl script which I can call during auth
> > process.
> > 
> > I'm not sure did you understand me :)
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > 
> > 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Wed, 31 Oct 2007 11:53:23 +1000 (EST)
> From: David Hobley <david.hobley@mionegroup.com>
> Subject: Re: Configure authentication via LDAP Group membership issue
> [sec=unclassified]
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID: <3661210.62301193795603796.JavaMail.root@mail.onegrp.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Frank,
> 
> Thank you - greatly appreciated. This made me realise that my thinking was foggy \
> when I had defined group memberships. All working now. 
> Cheers,
> David
> ----- Original Message -----
> From: "Frank MR Ranner" <Frank.Ranner@defence.gov.au>
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Sent: Wednesday, 31 October 2007 10:20:36 AM (GMT+1000) Australia/Brisbane
> Subject: RE: Configure authentication via LDAP Group membership issue \
> [sec=unclassified] 
> ...
> _______________________________
> 
> The memberUid attribute in a posixgroup is supposed to hold the uid, not
> the uidNumber. That would make your groupmembership_filter =
> "(memberUid=%{User-Name})" or more robustly,
> groupmembership_filter =
> "(&(memberUid=%{Stripped-User-Name:-%{User-Name}})(objectClass=posixGrou
> p))"
> 
> Regards,
> Frank Ranner
> 
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20071031/258fde31/attachment.html>
>  
> ------------------------------
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 
> End of Freeradius-Users Digest, Vol 30, Issue 117
> *************************************************
> 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic