[RADIATOR] Limit users' request rate

2012-02-14 Thread Alby
Hi all,
does anyone know if Radiator has an easy way to limit the users' request
rate? I would like to make users that fail the authentication for more than
10 times consequently to wait for some minutes before being able to
authenticate again in the system. This could be useful to keep away people
trying to guess other users' password.
Thank you for your help!
Alberto
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Limit users' request rate

2012-02-14 Thread Hugh Irvine

Hello Alberto -

There are a couple of examples in "goodies/hooks.txt" in the Radiator 
distribution.

regards

Hugh


On 14 Feb 2012, at 20:24, Alby wrote:

> Hi all,
> does anyone know if Radiator has an easy way to limit the users' request 
> rate? I would like to make users that fail the authentication for more than 
> 10 times consequently to wait for some minutes before being able to 
> authenticate again in the system. This could be useful to keep away people 
> trying to guess other users' password. 
> Thank you for your help!
> Alberto
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] Limit users' request rate

2012-02-14 Thread Alby
Hi Hugh,
thank you for your quick response. I'm going to have a look to it asap.
Alberto

Il giorno 14 febbraio 2012 11:13, Hugh Irvine  ha scritto:

>
> Hello Alberto -
>
> There are a couple of examples in "goodies/hooks.txt" in the Radiator
> distribution.
>
> regards
>
> Hugh
>
>
> On 14 Feb 2012, at 20:24, Alby wrote:
>
> > Hi all,
> > does anyone know if Radiator has an easy way to limit the users' request
> rate? I would like to make users that fail the authentication for more than
> 10 times consequently to wait for some minutes before being able to
> authenticate again in the system. This could be useful to keep away people
> trying to guess other users' password.
> > Thank you for your help!
> > Alberto
> > ___
> > radiator mailing list
> > radiator@open.com.au
> > http://www.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> h...@open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc.
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
>
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Bug in SessSQL.pm

2012-02-14 Thread Eddie Stassen
UpdateQuery  crashes Radiator when the query
contains %{Quote:...}.  This is due to $self not being passed as the
third parameter to Radius::Util::format_special(). The patch below
fixes it.

Regards,
Eddie Stassen

--- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200
+++ SessSQL.pm  2012-02-14 15:44:42.0 +0200
@@ -132,7 +132,9 @@
 $self->log($main::LOG_DEBUG,
   "$self->{Identifier} Updating session for $name,
$nas_id, $nas_port", $p);
 # Now add the new one
-$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p));
+$self->do(&$self->{UpdateQuery}, $p, $self,
+$self->quote($name), $nas_id, $nas_port+0,
+$self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID;
 }
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


[RADIATOR] Chap challenge in AuthBy EXTERNAL

2012-02-14 Thread Mark Green
Hello,

I'm using an external command to authenticate users with .

I've implemented PAP and CHAP.

I've a problem with CHAP. If the NAS sends CHAP-Challenge I have no problem.
But some ciscos send only CHAP-Password.

How can I get the CHAP challenge in this case?

In AuthGeneric.pm i read these lines

# The challenge is sent by the client in CHAP-Challenge.
# If that is not set, the challenge is in the authenticator
$challenge = $p->getAttrByNum($Radius::Radius::CHAP_CHALLENGE);
$challenge = $p->authenticator unless defined $challenge;

What is authenticator? How can I read this value in AuthBy EXTERNAL?
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Bug in SessSQL.pm

2012-02-14 Thread Mike McCauley
Hi Eddie,

thanks for reporting this.
It has now been fixed in the latest patch set.

Cheers.

On Tuesday, February 14, 2012 03:53:04 PM Eddie Stassen wrote:
> UpdateQuery  crashes Radiator when the query
> contains %{Quote:...}.  This is due to $self not being passed as the
> third parameter to Radius::Util::format_special(). The patch below
> fixes it.
> 
> Regards,
> Eddie Stassen
> 
> --- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200
> +++ SessSQL.pm  2012-02-14 15:44:42.0 +0200
> @@ -132,7 +132,9 @@
>  $self->log($main::LOG_DEBUG,
>"$self->{Identifier} Updating session for $name,
> $nas_id, $nas_port", $p);
>  # Now add the new one
> -$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p));
> +$self->do(&$self->{UpdateQuery}, $p, $self,
> +$self->quote($name), $nas_id, $nas_port+0,
> +   
> $self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID; }
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
-- 
Mike McCauley   mi...@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474   Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] Limit users' request rate

2012-02-14 Thread Hugh Irvine

Ciao Matteo -

I'm sorry but I don't understand your question.

The Radiator documentation is available on the web site:

http://www.open.com.au/radiator/documentation.html

and there are a great many examples of how to configure Radiator in the 
"goodies" directory of the Radiator distribution.

regards

Hugh


On 14 Feb 2012, at 23:21, Guiati Matteo wrote:

> Hi Irvine,
>   thanks again for your quick responce.
> We would like to know security features developed in Radiator.
> Could you share with us docs?
> 
> 
> Thanks in advance,
> 
> Best regards,
> 
> Matteo
> 
> 
> 
> Matteo Guiati
> Spike Reply
> Via Castellanza, 11
> 20151 - Milano - ITALY
> phone: +39 02 535761
> mobile: +39 345 3307484
> m.gui...@reply.it
> www.reply.it
> 
> 
> From: Hugh Irvine [h...@open.com.au]
> Sent: Tuesday, 14 February 2012 11:13 AM
> To: Alby
> Cc: radiator@open.com.au; Guiati Matteo
> Subject: Re: [RADIATOR] Limit users' request rate
> 
> Hello Alberto -
> 
> There are a couple of examples in "goodies/hooks.txt" in the Radiator 
> distribution.
> 
> regards
> 
> Hugh
> 
> 
> On 14 Feb 2012, at 20:24, Alby wrote:
> 
>> Hi all,
>> does anyone know if Radiator has an easy way to limit the users' request 
>> rate? I would like to make users that fail the authentication for more than 
>> 10 times consequently to wait for some minutes before being able to 
>> authenticate again in the system. This could be useful to keep away people 
>> trying to guess other users' password.
>> Thank you for your help!
>> Alberto
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> h...@open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc.
> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> 
> 
> 
> 
> --
> The information transmitted is intended for the person or entity to which it 
> is addressed and may contain confidential and/or privileged material. Any 
> review, retransmission, dissemination or other use of, or taking of any 
> action in reliance upon, this information by persons or entities other than 
> the intended recipient is prohibited. If you received this in error, please 
> contact the sender and delete the material from any computer.


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator