Could you log failed auth attempts to a database table (AuthLog SQL?)
and, when a user connects, have an initial AuthBy that checks this table
first, and if they have 3 Auth failures in the last 30 minutes take the
appropriate action?
E.g. if AuthLog updates a table called authlog, then have an AuthBy that
has a query equivalent to:
SELECT Username FROM Radius.authlog
WHERE Username = %0
AND TIMESTAMP > (UNIX_TIMESTAMP(NOW()) - 1800)   -- last 30 minutes
GROUP BY Username
HAVING COUNT(*) >= 3                              -- three or more failures
We do a similar thing but in reverse. If the user has had a certain
number of failed auths in the day, then any subsequent Auth failures
result in an automatic Access-Accept that puts them into a walled garden
for an hour, which stops them hammering authentication with bad requests.
Jim.
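To make the window arithmetic of that gate concrete, here is an added example (not Jim's code and not anything shipped with Radiator) that replays a device retrying with an expired password against a constructed authlog table. The table layout (username, ts, success), the SQLite dialect, and the `password_ok` flag standing in for the AuthBy NTLM answer are all assumptions; the MySQL form of the window test is the one in Jim's query above.

```python
import sqlite3

WINDOW_SECONDS = 1800   # "3 failures in the last 30 minutes" (Pascal's rule)
MAX_FAILURES = 3

# Constructed stand-in for the table AuthLog SQL would fill; the real column
# names and types are whatever the AuthLog FailureQuery writes.
SCHEMA = """
CREATE TABLE authlog (
    username TEXT    NOT NULL,
    ts       INTEGER NOT NULL,  -- unix seconds
    success  INTEGER NOT NULL   -- 0 = Access-Reject, 1 = Access-Accept
)
"""


def open_log():
    """In-memory SQLite log with the constructed authlog table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def record(conn, username, success, now):
    """Append one authentication result (what AuthLog SQL would do)."""
    conn.execute(
        "INSERT INTO authlog (username, ts, success) VALUES (?, ?, ?)",
        (username, now, 1 if success else 0),
    )


def failures_since(conn, username, since):
    """Rejects for username newer than `since`; the SQLite form of
    Jim's `TIMESTAMP > (UNIX_TIMESTAMP(NOW()) - 1800)` window."""
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM authlog "
        "WHERE username = ? AND success = 0 AND ts > ?",
        (username, since),
    ).fetchone()
    return count


def handle_request(conn, username, password_ok, now):
    """Decide one request arriving at epoch second `now`.

    password_ok stands in for the answer the directory (AuthBy NTLM)
    would give; it is consulted only if the gate in front of it passes.
    """
    # Gate: once MAX_FAILURES rejects sit inside the window, answer locally
    # and do not touch the directory.  The local reject is deliberately not
    # logged, so the block expires WINDOW_SECONDS after the last real
    # failure instead of sliding forward on every retry.
    if failures_since(conn, username, now - WINDOW_SECONDS) >= MAX_FAILURES:
        return "REJECT_LOCAL"
    if password_ok:
        record(conn, username, True, now)
        return "ACCEPT"
    record(conn, username, False, now)
    return "REJECT"


def demo():
    """Replay a device retrying with an expired password (constructed timeline)."""
    conn = open_log()
    t0 = 1_369_238_940  # arbitrary epoch second
    outcomes = [handle_request(conn, "alice", False, t0 + 60 * i) for i in range(4)]
    # 1799 s after the first failure: all three still inside the window
    outcomes.append(handle_request(conn, "alice", True, t0 + 1799))
    # 1800 s after the first failure: it has aged out, the directory is asked again
    outcomes.append(handle_request(conn, "alice", True, t0 + 1800))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The point the replay shows is that the third real failure is the last one that reaches the directory; the fourth and later retries are answered locally, and because those are not written to the table the window is measured from genuine failures only, so a device looping every second sends at most three requests per half hour to AD, well short of its lockout threshold. In Radiator terms this gate is Jim's query run by an AuthBy placed ahead of the AuthBy NTLM.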
On 22/05/2013 16:09, Pascal Beauregard wrote:
Hi,
We would like to block requests to our Active Directory if a wireless
user has been rejected 3 times in the last 30 minutes.
We have Cisco Wireless Controllers, Radiator and AD. In a university
environment a lot of our users have multiple wireless devices, all
authenticating through Radiator and AD. We have a password expiration
delay of 6 months in AD. When the password expires for a user, the
wireless devices of that user try to authenticate to the wireless
network over and over until the AD account is locked. The account is
locked for 30 minutes.
So if Radiator can do that, we would like to block authentication
requests after 3 unsuccessful requests in the last 30 minutes before
doing the AuthBy NTLM.
I presume we are not the only organization that faces this issue.
______________________________
Pascal Beauregard
Telecommunications Analyst
Information Technology Services
Université de Sherbrooke
Tel.: 819-821-7770
E-mail: [email protected]
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator