On Sep 6, 2019, at 4:50 PM, Jiuyu Sun <sunjiuyu@gmail.com> wrote:
I have a FreeRadius server running with EAP-TLS. The client can authenticate with the server with the client-side certificate (which is in a Hotspot 2.0 profile). I want to avoid user misuse of certificate/profile stolen - userA copies the client-side certificate/profile and give it to userB, so that userB can authenticate to the server with the same certificate/profile.
Is there something that can be configured in FreeRadius to limit the quota of authentication on one user/certificate? For example, only allow 10 times of user authentication to my FreeRadius server everyday? Thank you!
Store the information in a database. FreeRADIUS isn't a database, but it connects to pretty much every database in existence. We can help you with configuring connections to a DB, and unlang rules to check this. But it really does have to be stored in a DB. Alan DeKok.