Hi.
From the FreeRADIUS debug output I can conclude that it first does a search against LDAP with the given username and base DN and then, if the search is successful, binds with the given credentials.

Both posixAccount and shadowAccount in LDAP do not have any attributes to count bad passwords and block users based on that. You can lock a user with shadowAccount by putting LK at the beginning of his userPassword attribute value IIRC. But counting 3 or more bad passwords in a row is a kind of extended logic here.

There is an option for this in sambaSamAccount object class, but people complain that it is not working as promised.

Just my 2 cents.

A.

[EMAIL PROTECTED] wrote:

Hi all,

I am using freeradius to talk to an OpenLDAP server to validate passwords.
This all works fine and dandy. If the user enters the right password they
get in, if they enter the wrong password they don't.

However, I can't find a way of locking out the user if they enter an
invalid password three times in a row. I've trolled through the LDAP stuff
but can't find anything in there. Is there a way I can create a password
policy to do this?

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html