hi there
here my version of an user lockout via mysql for freeradius
Create a table like:
CREATE TABLE IF NOT EXISTS `failed` ( `stationid` text NOT NULL, `nasip` text NOT NULL, `username` text NOT NULL, `authdate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
vi /etc/freeradius/policy.conf
lockout_check {
update control {
Tmp-Integer-0 := "%{sql:SELECT COUNT(*) FROM failed where username='%{User-Name}' AND authdate>=DATE_SUB(NOW(), INTERVAL 15 MINUTE)}"
}
if (control:Tmp-Integer-0 > 5) {
reject
}
}
lockout_incr {
update control {
Tmp-Integer-0 := "%{sql:INSERT INTO failed (stationid,nasip,username,authdate) VALUES ('%{Calling-Station-Id}','%{NAS-IP-Address}','%{User-Name}', NOW())}"
Tmp-Integer-1 := "%{sql:DELETE FROM failed WHERE authdate<=DATE_SUB(NOW(), INTERVAL 30 MINUTE)}"
}
}
vi /etc/freeradius/sites-enabled/default
authorize {
lockout_check
.....
}
post-auth {
Post-Auth-Type REJECT {
lockout_incr
}
.....
}
Have fun!