[RADIATOR] Multiple auth failure handling
Jim
jim at scusting.com
Fri Jun 26 03:21:09 CDT 2009
I would but apparently we want our customers to get the standard
authentication failure responses normally, and that's what our main
resellers want.
Jim.
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
> On Behalf Of Kiernan Mccoll
> Sent: 26 June 2009 02:59
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] Multiple auth failure handling
>
> Why not just walled garden all failures?
>
>
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
> On Behalf Of Jim Tyrrell
> Sent: Thursday, June 25, 2009 7:35 PM
> To: radiator at open.com.au
> Subject: [RADIATOR] Multiple auth failure handling
>
> Hi,
>
> I have been looking at our accounting logs and realised that 50% of all
> the RADIUS traffic is authentication failures for a relatively small
> number of users. I want to implement a solution to put the users into a
> walled garden if they continue to fail and was thinking of somehow
> logging failed auths to MySQL and using a handler such as:
>
> <Handler Realm = blah.com>
>     AuthByPolicy ContinueWhileReject
>     <AuthBy LDAP2>
>         # LDAP stuff
>     </AuthBy>
>     <AuthBy SQL>
>         # If user in SQL DB then auth and setup for walled garden with
>         # session timeout
>     </AuthBy>
> </Handler>
>
> So if the session is rejected, it then checks against MySQL to see if the
> user is in there, or in there X number of times and if so accept and
> return attributes to put them into a walled garden.
> Does this make sense? I have done some searching and other solutions
> were generally using hooks and I want to avoid using my shoddy Perl
> skills if possible.
>
> What would be the best way to get failed authentications into MySQL? I
> could then either query for count of failed sessions or have a job on
> the MySQL server to produce a table of top failing users.
>
> Failing that I could just have a script on each RADIUS server to get the
> frequent users from the Radiator logs and put into a text file and then
> have my 2nd AuthBy look at this file but MySQL would give me more
> flexibility and would be visible to support staff.
>
> Thanks.
>
> Jim.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
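The failure-count lookup described in the original post, sketched as an added example (not part of the thread and not Radiator configuration). Assumptions: the `failed_auth` table and its columns, the threshold of 5, the one-hour window and all function names are hypothetical, and `sqlite3` stands in for MySQL so the block runs offline.

```python
import sqlite3

THRESHOLD = 5          # assumed: failures in the window before walled garden
WINDOW_SECONDS = 3600  # assumed: look-back window

def open_db():
    # Hypothetical schema; the index keeps the per-user lookup cheap.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE failed_auth (username TEXT NOT NULL, ts INTEGER NOT NULL)")
    db.execute("CREATE INDEX idx_failed_user_ts ON failed_auth (username, ts)")
    return db

def record_failure(db, username, ts):
    # User-Name comes straight off the wire, so always bind it as a parameter.
    db.execute("INSERT INTO failed_auth (username, ts) VALUES (?, ?)", (username, ts))

def should_wall_garden(db, username, now):
    # True once the user has failed THRESHOLD times inside the window.
    (count,) = db.execute(
        "SELECT COUNT(*) FROM failed_auth WHERE username = ? AND ts > ?",
        (username, now - WINDOW_SECONDS)).fetchone()
    return count >= THRESHOLD

def top_failing(db, now, limit=10):
    # Report for support staff: most frequent failing users in the window.
    return db.execute(
        "SELECT username, COUNT(*) AS n FROM failed_auth WHERE ts > ? "
        "GROUP BY username ORDER BY n DESC, username LIMIT ?",
        (now - WINDOW_SECONDS, limit)).fetchall()

def demo():
    # Constructed sample data: alice fails 6 times recently, bob twice,
    # carol 7 times but two hours ago (outside the window).
    db, now = open_db(), 1_000_000
    for i in range(6):
        record_failure(db, "alice@blah.com", now - 100 * i)
    for i in range(2):
        record_failure(db, "bob@blah.com", now - 60 * i)
    for i in range(7):
        record_failure(db, "carol@blah.com", now - 7200 - i)
    return db, now

if __name__ == "__main__":
    db, now = demo()
    for user in ("alice@blah.com", "bob@blah.com", "carol@blah.com"):
        print(user, "walled garden" if should_wall_garden(db, user, now) else "normal reject")
    print(top_failing(db, now))
```

Bounding the count by a time window means a user who fixes their credentials drops out of the walled garden without anyone having to clear rows by hand.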