----- Original Message ----- From: "Bill Thompson" <[EMAIL PROTECTED]> > Mike Clay <[EMAIL PROTECTED]> wrote: > > Hi, > > Is there an attribute/script/configuration that will disable a user > > account after x number of failed logins? I found a question asking the > > same thing for version .5x (the answer was "not yet"), and I'm wondering > > if it's now possible. Thanks a lot. > > > > Mike > > There is no attribute directly in FreeRadius, but you may want to look at > authenticating radius through PAM and using pam_auth to track the failed > logins. Be aware that there are some reports of memory leaks with PAM that > may make the system unstable. I have configured a system like this in the > lab with no issues but I have not put it into production.
In my humble opinion, the NAS should have the functionality to block the authentication attempts of a certain user, not the RADIUS. If done at the RADIUS, the network traffic will still occur. If done at the NAS, the network traffic is reduced. I think that any NAS vendor that has this functionality has a big advantage to other NAS vendors. Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
