Configuring maximum number of password attempts
alexeim at orcsoftware.com
Fri Jun 3 17:14:41 CEST 2005
From FreeRADIUS debug I can conclude that if first does search against
LDAP with given username and base DN and then, if the search is
successful, binds with given credentials.
Both posixAccount and shadowAccount in LDAP does not have any attributes
to count bad passwords and block users based no that.
You can lock user with shadowAccount by butting LK in the beginning of
his userPassword attribute value IIRC. But counting 3 or more bad
passwords in a raw is a kind of extended logic here.
There is an option for this in sambaSamAccount object class, but people
complain that it is not working as promised.
Just my 2 cents.
Martin.Ward at uk.neceur.com wrote:
>I am using freeradius to talk to an OpenLDAP server to validate passwords.
>This all works fine and dandy. If the user enters the right password they
>get in, if they enter the wrong password the don't.
>However, I can't find a way of locking out the user if they enter an
>invalid password three times in a row. I've trolled through the LDAP stuff
>but can't find anything in there. Is there a way I can create a password
>policy to do this?
>Senior Network Administrator, NEC (Europe) Ltd.
>Acton extension: 3379
>Direct: +44 20 8752 3379
>Fax: +44 20 8752 3389
>Mobile: +44 7721 869 356
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users