[RADIATOR] Multiple auth failure handling
Kiernan Mccoll
kiernan at staff.iinet.net.au
Thu Jun 25 20:58:41 CDT 2009
Why not just walled garden all failures?
-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Jim Tyrrell
Sent: Thursday, June 25, 2009 7:35 PM
To: radiator at open.com.au
Subject: [RADIATOR] Multiple auth failure handling
Hi,
I have been looking at our accounting logs and realised that 50% of all
the radius traffic is authentication failures for a relatively small
number of users. I want to implement a solution to put the users into a
walled garden if they continue to fail and was thinking of somehow
logging failed auths to MySQL and using a handler such as:
<Handler Realm = blah.com>
ContinueWhileReject
<AuthBy LDAP2>
LDAP Stuff
</AuthBy>
<AuthBy SQL>
If user in SQL DB then auth and setup for walled garden with
session timeout
</AuthBy>
</Handler>
So if the session is reject it then checks against MySQL to see if the
user is in there, or in there X number of times and if so accept and
return attributes to put them into a walled garden.
Does this make sense? I have done some searching and other solutions
were generally using hooks and I want to avoid using my shoddy perl
skills if possible.
What would be the best way to get failed authentications into MySQL? I
could then either query for count of failed sessions or have a job on
the MySQL server to produce a table of top failing users.
Failing that I could just have a script on each radius server to get the
frequent users from the Radiator logs and put into a text file and then
have my 2nd authby look at this file but MySQL would give me more
flexibility and would be visible to support staff.
Thanks.
Jim.
_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
More information about the radiator
mailing list