On 8 Sep 2015, at 04:09, Anja Ruckdaeschel <Anja.Ruckdaeschel@rz.uni-regensburg.de> wrote:
Hi there,
I wonder what is the designated way in FR 3.0.9 to trigger an eDirectory-Intruder Lockout with edir_autz=yes in addition?
I want to use a, universal password retrieval b, grace login consumation, account expire check, password expire check, login time restrictions check, attribute checks, etc. c, intruder lockout trigger (I do a named ldap bind with the login-user with a password which is bad, if mschap rejects)
I guess something like this: post-auth { Post-Auth-Type REJECT { update request { User-Password := 'junk' } ldap.authrorize } }
in one radius config for PEAP/MSCHAPv2 with eDIR.
So far, I only manage to get a and b OR a and c running.
Perhaps you can give me a hint?
Thank you for your time.
Ciao Anja
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2