[Help-gnu-radius] Adding lockout capability

help-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnu-radius] Adding lockout capability

From:	David Beards
Subject:	[Help-gnu-radius] Adding lockout capability
Date:	Fri, 09 Jan 2004 21:26:30 +1100
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624

Hi Everyone,

I'm seeking some assistance on how I can achieve the following.

I've configured GNU RADIUS v1.2 to use authentication using the systemmethod and authenticating against the standard UNIX password file.

What I would like to do for security purposes is lock users out if theyuse the incorrect password when trying to connect. From what I can seechecking if they have failed before and clearing the fail if less thanfour attempts has been reached is easy by using Exec-Program-Wait afterthey have authenticated and using a simple shell script.


e.g. the USERS file looks like this:

DEFAULT Auth-Type = System,
                Simultaneous-Use = 1
        Exec-Program-Wait = "/usr/local/sbin/failedtest"
        Service-Type = Framed-User,
                Framed-Protocol = PPP

The question I have is how can I modify the file if a failedauthentication occurs? At the moment if the user fails with an incorrectpassword RADIUS fails them and the "failedtest" script is never executed.


Any and all help would be appreciated.

David Beards
Technical Manager Networks and Systems
CFA
Ph: +61 3 9262 8204
Fax: +61 3 9262 8383
Mobile: +61 419 519 366

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnu-radius] Adding lockout capability, David Beards <=

Prev by Date: Re: [Help-gnu-radius] Maximum Loggen in Users
Next by Date: Re: [Help-gnu-radius] Maximum Loggen in Users
Previous by thread: Re: [Help-gnu-radius] Maximum Loggen in Users
Next by thread: [Help-gnu-radius] SNMP
Index(es):
- Date
- Thread