Hello,
I m sure that this question is redundant but I didn't found answer on my searchs.
I would like to disable the user account after 10 (more or less) bad authententification.
I imagine that I can add parameter on the SQL query
for example, checking the bad request log with a cron, and set a count value in a table after X failed for the same login and then update the usergroup table.
But I won't add to many SQL query on the system. So there is a better solutions to do it ?
In a perfect world, the same events could send a mail to the user, and reenable the account automatically after 2 hours.
If you have any links or module that can help be to implement it, you will be welcome
Thanks in advance
Julien
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I've realized this with Simpe Event Correlator (http://simple-evcorr.sourceforge.net/).
SEC analyze logon messages in radius's log, modify radius users's file if there is 'n' bad login and then restart radiusd deamon.
See below my config for SEC :
# Rule : 1
#=============
type=Single
continue=TakeNext
ptype=RegExp
pattern=(.*)Auth: Login incorrect(.*)\[(.*)\](.*)\(from client (.*) port(.*)cli (.*)\)
desc=login error with user $3 from $6 to $5
action=eval %U ($nuser{$3}++; if ( $nuser{$3} > 3 ) {$nuser{$3} = 0; system("/opt/freeradius/tools/revoke-user /opt/freeradius/etc/raddb/users $3")} )
# Rule : 2
#=============
type=Single
continue=TakeNext
ptype=RegExp
pattern=(.*)Auth: Login OK(.*)\[(.*)\](.*)\(from client (.*) port(.*)cli (.*)\)
desc=login ok with user $3 from $6 to $5
action=eval %U ($nuser{$3} = 0)
-- -- Jean-Paul Chapalain - GICM - Reseaux et Systemes Distribues -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED] -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
smime.p7s
Description: S/MIME Cryptographic Signature
