Re: Configuring maximum number of password attempts

2005-06-03 Thread Alexei Monastyrnyi

Hi.
From FreeRADIUS debug I can conclude that it first does a search against 
LDAP with the given username and base DN and then, if the search is 
successful, binds with the given credentials.


Both posixAccount and shadowAccount in LDAP do not have any attributes 
to count bad passwords and block users based on that.
You can lock a user with shadowAccount by putting LK in the beginning of 
his userPassword attribute value IIRC. But counting 3 or more bad 
passwords in a row is a kind of extended logic here.


There is an option for this in sambaSamAccount object class, but people 
complain that it is not working as promised.


Just my 2 cents.

A.

[EMAIL PROTECTED] wrote:


Hi all,

I am using freeradius to talk to an OpenLDAP server to validate passwords.
This all works fine and dandy. If the user enters the right password they
get in, if they enter the wrong password they don't.

However, I can't find a way of locking out the user if they enter an
invalid password three times in a row. I've trolled through the LDAP stuff
but can't find anything in there. Is there a way I can create a password
policy to do this?

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 



Configuring maximum number of password attempts

2005-06-02 Thread Martin . Ward
Hi all,

I am using freeradius to talk to an OpenLDAP server to validate passwords.
This all works fine and dandy. If the user enters the right password they
get in, if they enter the wrong password they don't.

However, I can't find a way of locking out the user if they enter an
invalid password three times in a row. I've trolled through the LDAP stuff
but can't find anything in there. Is there a way I can create a password
policy to do this?

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356



Re: Configuring maximum number of password attempts

2005-06-02 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 However, I can't find a way of locking out the user if they enter an
 invalid password three times in a row. I've trolled through the LDAP stuff
 but can't find anything in there. Is there a way I can create a password
 policy to do this?

  Not really, because FreeRADIUS is probably pulling the passwords out
of LDAP, and doing the authentication itself.

  If FreeRADIUS is calling ldap to do the authentication, then maybe
there's something in OpenLDAP to implement the password policy.

  Alan DeKok.
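
Added example, not part of the original thread: a password policy entry for OpenLDAP's ppolicy overlay (slapo-ppolicy) that locks an entry after three consecutive failed binds. It assumes the overlay and its schema are loaded and that FreeRADIUS authenticates by binding as the user, as in the debug output described above; the dc=example,dc=com suffix and the entry names are placeholders.

```ldif
# Constructed example. slapd.conf side, shown here as comments, placed in the
# database section that holds the user entries:
#   overlay ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

# pwdLockout TRUE         : enforce lockout when the failure limit is reached
# pwdMaxFailure 3         : consecutive failed binds allowed before the lock
# pwdFailureCountInterval : seconds after which old failures are forgotten;
#                           0 means only a successful bind resets the count
# pwdLockoutDuration      : seconds the lock lasts; 0 means locked until an
#                           administrator resets the account
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
pwdLockout: TRUE
pwdMaxFailure: 3
pwdFailureCountInterval: 0
pwdLockoutDuration: 0
```

The overlay only counts failed LDAP binds, so if FreeRADIUS reads userPassword and compares it itself, OpenLDAP never sees the failure and no lock occurs. With pwdLockoutDuration set to 0, anyone who can submit three bad passwords for a username can lock that user out until an administrator intervenes; a non-zero duration bounds that.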
