On 05/02/2020 14.24, Ralf Wenk wrote:

The handler statements are

<Handler Client-Identifier=IZ, Realm=VPN>
         AcctLogFileName %L/vpn/AcctLog-%Y-%m
         RewriteUsername s/@.+//o
         UsernameCharset a-z0-9
         <AuthBy FAILUREPOLICY>
                 Identifier          Fail_Policy
                 ConsecutiveFailures 5
                 ConsecutiveLockTime 300
                 CumulativeFailures  200
                 CumulativeLockTime  14400
                 CumulativeWindow    43200
         </AuthBy>
         AuthBy          SQL_VPN
         AuthLog         AuthLogFile-VPN
         AuthLog         AuthLogSyslog-VPN
         AuthLog         AuthLogSQL-VPN
         AuthBy          SQL_Acct_Log_VPN
         Identifier      VPN
</Handler>

and the Radiator version is 4.24-10.

I think the cause is behind the "No failure policy history exists ..."
message.

Quite likely so. This means that there's no history yet for the user. If there should be, then the it's likely that nothing has created and updated the history for the user.

Did I make a wrong assumption or is there a configuration mistake in
the FAILUREPOLICY I do not see?

There's one thing that seems to be missing, note that in failurepolicy.cfg goodies file there's PostAuthHook defined. This hook checks the result and then maintains the history.

If you try the goodies configuration sample with, for example SQLite, watching the SQL updates gives a good look at who it works. When the information is kept in-memory, functionality is similar.

By the way, "3.114.8. CumulativeLockTime" of the manual shows
"ConsecutiveLockTime" as the configuration statement not the
"CumulativeLockTime" one.

Thanks for the note. I'll see that it gets fixed.
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator

Reply via email to