help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Authorisation Failure

From: David Beards
Subject: Re: [Help-gnu-radius] Authorisation Failure
Date: Mon, 17 Mar 2003 22:51:45 +1100
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2.1) Gecko/20021130 
Hi Sergey,
That was the problem I found. I can use a simple shell script if the authentication is successful to modify a file and reset the users failure count. However if the authentication fails the 'user' file stops processing, therefore you are not able to check if the initial authentication step passed or not.
I could take over the authentication process fully by using the Exec-Program-Wait or Scheme-Procedure but I would like to avoid writing a program to take care of all the authentication and set the initial RADIUS authentication to suceed regardless. (Besides, far easier to write a shell script than to write a C program when you aren't really a C programmer!!)
I look forward to the next release and hopefully it will fill the gap I currently have. 

Thanks for the help....

David

Sergey Poznyakoff wrote:
With the Netscape RADIUS, failed login attempts are tracked and if four (configurable) consecutive attemtps are made without success the account is automatically locked out. 

Can anyone suggest a way that this could be acheived?



The only way I see is via an extension authentication mechanism, e.g.
PAM, Exec-Program-Wait or Scheme-Procedure.

I am currently working on the trigger mechanism in radiusd that will allow
to execute user procedures upon some events (such as e.g. authentication
failure). I guess this is what you need. With the good luck the new
version should appear near the end of May.

Regards,
Sergey



--
David Beards
Technical Manager Networks and Systems
CFA
8 Lakeside Drive
Burwood East 3151

Ph: 9262 8204
Mobile: 0419 519 366

CAUTION - This message is intended for the use of the individual or
entity named above and may contain information that is confidential or
privileged.  If you are not the intended recipient of this message you
are hereby notified that any use, dissemination, distribution or
reproduction of this message is prohibited and that you must not take
any action in reliance on it.  If you have received this communication
in error, please notify CFA immediately and destroy the original
message.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]