Re: Cisco VPN 3000 experience
On Wed, 19 Nov 2003 16:49:22 -0500 "Dan Didier" <[EMAIL PROTECTED]> wrote: > Do you use group functions, or is everyone in the base group? > > Thanks, > Dan > I am using FreeRadius with the VPN 3000. I have groups authenticating in the concentrator and user authentication through radius. The down side to this is that you can not lock users into a group and must rely on the group settings in the client for security. -- Bill Thompson [EMAIL PROTECTED] GPG Key ID:0xFB966670 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable user after X failed logins (heading OT)
On Tue, 21 Oct 2003 21:30:40 +0200 "Thor Spruyt" <[EMAIL PROTECTED]> wrote: > > > In my humble opinion, the NAS should have the functionality to block the > authentication attempts of a certain user, not the RADIUS. > If done at the RADIUS, the network traffic will still occur. If done at > the NAS, the network traffic is reduced. > > I think that any NAS vendor that has this functionality has a big > advantage to other NAS vendors. > > Thor. That works ok in theory, but how will the NAS know who the user is without contacting the RADIUS server? Have you ever seen a NAS with this feature? -- [EMAIL PROTECTED] - PGP KeyID#: 0xFB966670 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable user after X failed logins
On Tue, 21 Oct 2003 08:37:37 -0400 Mike Clay <[EMAIL PROTECTED]> wrote: > Hi, > Is there an attribute/script/configuration that will disable a user > account after x number of failed logins? I found a question asking the > same thing for version .5x (the answer was "not yet"), and I'm wondering > if it's now possible. Thanks a lot. > > Mike > There is no attribute directly in FreeRadius, but you may want to look at authenticating radius through PAM and using pam_auth to track the failed logins. Be aware that there are some reports of memory leaks with PAM that may make the system unstable. I have configured a system like this in the lab with no issues but I have not put it into production. -- [EMAIL PROTECTED] - PGP KeyID#: 0xFB966670 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
disabling failed logins
Hello, I've been looking through the FAQ and the list archives for some kind of method to have freeradius disable authentications for users after a number of failed logins. The only reference I found was a message from 2002 saying that it couldn't be done. Is that still the case? Does anyone have an alternate method of blocking accounts automatically? Thanx, -- [EMAIL PROTECTED] - PGP KeyID#: 0xFB966670 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Build on Darwin/OS X
On Fri, 18 Jan 2002 11:41:48 -0500 [EMAIL PROTECTED] wrote: > Andrew Laurence <[EMAIL PROTECTED]> wrote: > > Has anyone tried/succeeded in building and running on Darwin, aka Mac > > OS X? > > Not that I know of. > > It should work, though. It's running on FreeBSD && NetBSD. > > Alan DeKok. > That is a fairly common misconception about OSX/Darwin. The Darwin that runs on OSX is based on BSD, but it does use a different kernel, has some funky libraries, and last time I tried it (10.0) used a heavily modified GCC. The OSX/Darwin is also slightly different than the Darwin available for x86. It's possible to build standard Unix programs on OSX, but you may have to tweak the code in order to get it to run.-- [EMAIL PROTECTED] - PGP KeyID#: 0xFB966670 "Crappy old OSes have value in the basically negative sense that changing to new ones makes us wish we'd never been born." -Neal Stephenson 1999 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html