[RADIATOR] Limit users' request rate
Hi all, does anyone know if Radiator has an easy way to limit the users' request rate? I would like to make users that fail the authentication for more than 10 times consequently to wait for some minutes before being able to authenticate again in the system. This could be useful to keep away people trying to guess other users' password. Thank you for your help! Alberto ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Limit users' request rate
Hello Alberto - There are a couple of examples in "goodies/hooks.txt" in the Radiator distribution. regards Hugh On 14 Feb 2012, at 20:24, Alby wrote: > Hi all, > does anyone know if Radiator has an easy way to limit the users' request > rate? I would like to make users that fail the authentication for more than > 10 times consequently to wait for some minutes before being able to > authenticate again in the system. This could be useful to keep away people > trying to guess other users' password. > Thank you for your help! > Alberto > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Limit users' request rate
Hi Hugh, thank you for your quick response. I'm going to have a look to it asap. Alberto Il giorno 14 febbraio 2012 11:13, Hugh Irvine ha scritto: > > Hello Alberto - > > There are a couple of examples in "goodies/hooks.txt" in the Radiator > distribution. > > regards > > Hugh > > > On 14 Feb 2012, at 20:24, Alby wrote: > > > Hi all, > > does anyone know if Radiator has an easy way to limit the users' request > rate? I would like to make users that fail the authentication for more than > 10 times consequently to wait for some minutes before being able to > authenticate again in the system. This could be useful to keep away people > trying to guess other users' password. > > Thank you for your help! > > Alberto > > ___ > > radiator mailing list > > radiator@open.com.au > > http://www.open.com.au/mailman/listinfo/radiator > > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. > Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Bug in SessSQL.pm
UpdateQuery crashes Radiator when the query contains %{Quote:...}. This is due to $self not being passed as the third parameter to Radius::Util::format_special(). The patch below fixes it. Regards, Eddie Stassen --- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200 +++ SessSQL.pm 2012-02-14 15:44:42.0 +0200 @@ -132,7 +132,9 @@ $self->log($main::LOG_DEBUG, "$self->{Identifier} Updating session for $name, $nas_id, $nas_port", $p); # Now add the new one -$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p)); +$self->do(&$self->{UpdateQuery}, $p, $self, +$self->quote($name), $nas_id, $nas_port+0, +$self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID; } ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Chap challenge in AuthBy EXTERNAL
Hello, I'm using an external command to authenticate users with . I've implemented PAP and CHAP. I've a problem with CHAP. If the NAS sends CHAP-Challenge I have no problem. But some ciscos send only CHAP-Password. How can I get the CHAP challenge in this case? In AuthGeneric.pm i read these lines # The challenge is sent by the client in CHAP-Challenge. # If that is not set, the challenge is in the authenticator $challenge = $p->getAttrByNum($Radius::Radius::CHAP_CHALLENGE); $challenge = $p->authenticator unless defined $challenge; What is authenticator? How can I read this value in AuthBy EXTERNAL? ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Bug in SessSQL.pm
Hi Eddie, thanks for reporting this. It has now been fixed in the latest patch set. Cheers. On Tuesday, February 14, 2012 03:53:04 PM Eddie Stassen wrote: > UpdateQuery crashes Radiator when the query > contains %{Quote:...}. This is due to $self not being passed as the > third parameter to Radius::Util::format_special(). The patch below > fixes it. > > Regards, > Eddie Stassen > > --- SessSQL.pm.ORIG 2012-02-14 15:32:12.0 +0200 > +++ SessSQL.pm 2012-02-14 15:44:42.0 +0200 > @@ -132,7 +132,9 @@ > $self->log($main::LOG_DEBUG, >"$self->{Identifier} Updating session for $name, > $nas_id, $nas_port", $p); > # Now add the new one > -$self->do(&Radius::Util::format_special($self->{UpdateQuery}, $p)); > +$self->do(&$self->{UpdateQuery}, $p, $self, > +$self->quote($name), $nas_id, $nas_port+0, > + > $self->quote($p->getAttrByNum($Radius::Radius::ACCT_SESSION_ID; } > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Mike McCauley mi...@open.com.au Open System Consultants Pty. Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au Phone +61 7 5598-7474 Fax +61 7 5598-7070 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Limit users' request rate
Ciao Matteo - I'm sorry but I don't understand your question. The Radiator documentation is available on the web site: http://www.open.com.au/radiator/documentation.html and there are a great many examples of how to configure Radiator in the "goodies" directory of the Radiator distribution. regards Hugh On 14 Feb 2012, at 23:21, Guiati Matteo wrote: > Hi Irvine, > thanks again for your quick responce. > We would like to know security features developed in Radiator. > Could you share with us docs? > > > Thanks in advance, > > Best regards, > > Matteo > > > > Matteo Guiati > Spike Reply > Via Castellanza, 11 > 20151 - Milano - ITALY > phone: +39 02 535761 > mobile: +39 345 3307484 > m.gui...@reply.it > www.reply.it > > > From: Hugh Irvine [h...@open.com.au] > Sent: Tuesday, 14 February 2012 11:13 AM > To: Alby > Cc: radiator@open.com.au; Guiati Matteo > Subject: Re: [RADIATOR] Limit users' request rate > > Hello Alberto - > > There are a couple of examples in "goodies/hooks.txt" in the Radiator > distribution. > > regards > > Hugh > > > On 14 Feb 2012, at 20:24, Alby wrote: > >> Hi all, >> does anyone know if Radiator has an easy way to limit the users' request >> rate? I would like to make users that fail the authentication for more than >> 10 times consequently to wait for some minutes before being able to >> authenticate again in the system. This could be useful to keep away people >> trying to guess other users' password. >> Thank you for your help! >> Alberto >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. > Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > > > > > -- > The information transmitted is intended for the person or entity to which it > is addressed and may contain confidential and/or privileged material. Any > review, retransmission, dissemination or other use of, or taking of any > action in reliance upon, this information by persons or entities other than > the intended recipient is prohibited. If you received this in error, please > contact the sender and delete the material from any computer. -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator