addition to policy.conf

Stefan Winter stefan.winter at restena.lu
Wed Jun 6 13:06:49 CEST 2012


Hi,

> Out of interest, the total number of login attempts for the month? And the
> total number of rejects for the month? (So the above figures can be
> visualised as "percentage of total authentications" and "percentage of total
> rejects" respectively)

eduroam is an open consortium, so all these stats are available online
for your viewing pleasure. Click here:

http://monitor.eduroam.org/f-ticks/matrix.php?gtype=matrix&obid=all&country=allmenu

That's for the last full hour. You can change the interval to a day or
month in self-service on that page ("Change interval").

> A more general approach would be to throttle auth attempts for any
> particular username after a configured number of failures, which I think
> could be done quite efficiently using the new rlm_redis module - but that
> involves rather more work to set up than a simple regexp test.

To be honest, I firmly believe it is a good Access Point's job to kill
annoying clients. There's no use to send packets via the RADIUS
infrastructure if it's just a broken piece of device. Unfortunately, not
all APs are good :-/

Stefan
>
> Regards,
>
> Brian.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html



More information about the Freeradius-Devel mailing list