[RADIATOR] A way to verify that the number of failed attempts is less than 3 in the last 30 minutes

Jim Tyrrell jim at scusting.com
Wed May 22 13:44:07 CDT 2013


Could you log failed auth attempts to a database table (AuthLog SQL?) 
and when a user connects have an initial AuthBy that checks this table 
1st, and if they have 3 Auth failures in the last 30 minutes take the 
appropriate action:

e.g. if AuthLog updates a table called authlog, then have an AuthBy that 
has a query equivalent to:

SELECT Username FROM Radius.authlog
WHERE Username = %0
AND TIMESTAMP > UNIX_TIMESTAMP(NOW()) - 1800  -- last 30 minutes
GROUP BY Username
HAVING COUNT(*) >= 3  -- 3 or more failures in that window

We do a similar thing but in reverse.  If the user has had a certain 
number of failed auths in the day then any subsequent Auth failures 
result in an automatic Access Accept that puts them into a walled garden 
for an hour, which stops them hammering authentication with bad requests.

Jim.

On 22/05/2013 16:09, Pascal Beauregard wrote:
>
> Hi,
>
> We would like to block requests to our Active Directory if a wireless 
> user has been rejected 3 times in the last 30 minutes.
>
> We have Cisco Wireless Controllers, Radiator and AD. In a university 
> environment a lot of our users have multiple wireless devices all 
> authenticating through Radiator and AD. We have a password expiration 
> delay of 6 months in AD. When the password expires for a user, the 
> wireless devices of that user try to authenticate to the wireless 
> network over and over until the AD account is locked. The account is 
> locked for 30 minutes.
>
> So if Radiator can do that, we would like to block authentication 
> requests after 3 unsuccessful requests in the last 30 minutes before 
> doing the AuthByNTLM.
>
> I presume we are not the only organization that faces this issue.
>
> ______________________________
>
> *Pascal Beauregard*
>
> Telecommunications Analyst
>
> Service des Technologies de l'information
>
> Université de Sherbrooke
>
> Tel.: 819-821-7770
>
> Email: pascal.beauregard at usherbrooke.ca
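
Added example (not part of the original thread and not Radiator configuration): a Python sketch of the gate discussed above, which counts logged failures in the trailing 30 minutes and rejects locally before the backend is contacted, so a device retrying an expired password cannot push the AD account into lockout. The authlog schema, the function names and the backend stand-in are assumptions made for illustration, with SQLite in place of the real log database.

```python
import sqlite3

WINDOW_SECONDS = 1800   # 30 minutes, as in the thread
MAX_FAILURES = 3        # reject locally once this many failures are in the window


def open_authlog():
    """In-memory stand-in for the authlog table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authlog (username TEXT NOT NULL, ts INTEGER NOT NULL)")
    db.execute("CREATE INDEX authlog_user_ts ON authlog (username, ts)")
    return db


def recent_failures(db, username, now):
    """Count logged failures for username in the trailing window (bound parameters)."""
    row = db.execute(
        "SELECT COUNT(*) FROM authlog WHERE username = ? AND ts > ?",
        (username, now - WINDOW_SECONDS),
    ).fetchone()
    return row[0]


def authenticate(db, username, password, now, backend):
    """Gate in front of the backend; returns 'accept', 'reject' or 'blocked'."""
    if recent_failures(db, username, now) >= MAX_FAILURES:
        # Backend is never contacted, and the blocked attempt is not logged,
        # so the block expires once the real failures age out of the window.
        return "blocked"
    if backend(username, password):
        return "accept"
    db.execute("INSERT INTO authlog (username, ts) VALUES (?, ?)", (username, now))
    return "reject"


def demo():
    """Constructed scenario: a device retrying an expired password every 60 s."""
    db = open_authlog()
    backend_calls = []

    def backend(user, pw):  # hypothetical stand-in for the AD check
        backend_calls.append(user)
        return pw == "new-password"

    results = [authenticate(db, "alice", "old-password", t, backend)
               for t in range(0, 600, 60)]          # 10 attempts
    calls_during_retries = len(backend_calls)
    # 31 minutes after the third failure (logged at t=120) the window is empty
    later = authenticate(db, "alice", "new-password", 120 + 1860, backend)
    return results, calls_during_retries, later
```

Only the first three attempts reach the backend; the remaining seven are answered from the log table alone.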