On 05/02/2020 14.24, Ralf Wenk wrote:
The handler statements are<Handler Client-Identifier=IZ, Realm=VPN> AcctLogFileName %L/vpn/AcctLog-%Y-%m RewriteUsername s/@.+//o UsernameCharset a-z0-9 <AuthBy FAILUREPOLICY> Identifier Fail_Policy ConsecutiveFailures 5 ConsecutiveLockTime 300 CumulativeFailures 200 CumulativeLockTime 14400 CumulativeWindow 43200 </AuthBy> AuthBy SQL_VPN AuthLog AuthLogFile-VPN AuthLog AuthLogSyslog-VPN AuthLog AuthLogSQL-VPN AuthBy SQL_Acct_Log_VPN Identifier VPN </Handler> and the Radiator version is 4.24-10. I think the cause is behind the "No failure policy history exists ..." message.
Quite likely so. This means that there's no history yet for the user. If there should be, then the it's likely that nothing has created and updated the history for the user.
Did I make a wrong assumption or is there a configuration mistake in the FAILUREPOLICY I do not see?
There's one thing that seems to be missing, note that in failurepolicy.cfg goodies file there's PostAuthHook defined. This hook checks the result and then maintains the history.
If you try the goodies configuration sample with, for example SQLite, watching the SQL updates gives a good look at who it works. When the information is kept in-memory, functionality is similar.
By the way, "3.114.8. CumulativeLockTime" of the manual shows "ConsecutiveLockTime" as the configuration statement not the "CumulativeLockTime" one.
Thanks for the note. I'll see that it gets fixed. Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
