[RADIATOR] AuthBy FAILUREPOLICY always results in IGNORE
Ralf Wenk
iz-osc2017 at hs-karlsruhe.de
Thu Feb 6 13:46:57 UTC 2020
On 2020-02-06 at 14:39 +0200 Heikki Vatiainen wrote:
> On 05/02/2020 14.24, Ralf Wenk wrote:
>
> > The handler statements are
> >
> > <Handler Client-Identifier=IZ, Realm=VPN>
> > AcctLogFileName %L/vpn/AcctLog-%Y-%m
> > RewriteUsername s/@.+//o
> > UsernameCharset a-z0-9
> > <AuthBy FAILUREPOLICY>
> > Identifier Fail_Policy
> > ConsecutiveFailures 5
> > ConsecutiveLockTime 300
> > CumulativeFailures 200
> > CumulativeLockTime 14400
> > CumulativeWindow 43200
> > </AuthBy>
> > AuthBy SQL_VPN
> > AuthLog AuthLogFile-VPN
> > AuthLog AuthLogSyslog-VPN
> > AuthLog AuthLogSQL-VPN
> > AuthBy SQL_Acct_Log_VPN
> > Identifier VPN
> > </Handler>
> >
> > and the Radiator version is 4.24-10.
> >
> > I think the cause is behind the "No failure policy history exists ..."
> > message.
>
> Quite likely so. This means that there's no history yet for the user. If
> there should be, then the it's likely that nothing has created and
> updated the history for the user.
>
> > Did I make a wrong assumption or is there a configuration mistake in
> > the FAILUREPOLICY I do not see?
>
> There's one thing that seems to be missing, note that in
> failurepolicy.cfg goodies file there's PostAuthHook defined. This hook
> checks the result and then maintains the history.
Yes, that was it.
Just adding the PostAuthHook-line from failurepolicy.cfg fixed it.
Thank you.
May I suggest a hint in the <AuthBy FAILUREPOLICY> section?
Ralf
More information about the radiator
mailing list