----- Original Message ----- From: "Bill Thompson" <[EMAIL PROTECTED]> > On Tue, 21 Oct 2003 21:30:40 +0200 > "Thor Spruyt" <[EMAIL PROTECTED]> wrote: > > In my humble opinion, the NAS should have the functionality to block the > > authentication attempts of a certain user, not the RADIUS. > > If done at the RADIUS, the network traffic will still occur. If done at > > the NAS, the network traffic is reduced. > > > > I think that any NAS vendor that has this functionality has a big > > advantage to other NAS vendors. > > > > Thor. > > That works ok in theory, but how will the NAS know who the user is without > contacting the RADIUS server? Have you ever seen a NAS with this feature?
The NAS is sending the authentication requests, so it knowns what username is sends them for, so it can stop sending augh requests to the Radius after 5 failed login attempts with the same username. Could also be based on other parameters (like the user's IP address for example to block hacking). Not seen a NAS that can though :) Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
