Radius users state
Sudarshan Soma
sudarshan12s at gmail.com
Tue Sep 16 08:51:24 CEST 2008
Thanks a lot Ivan.

Could you please correct me if the following are valid.

1. For determining session expiry, I can see the Reply-Message for
session timeout from rlm_expiration module. But for determining locked
users, I think rlm_unix doesn't pass RLM_MODULE_USERLOCK as part of
Reply-Message.

2. For determining if user named xyz has typed wrong passwd and his
privilege level, I will keep /etc/raddb/users entry as

xyz Auth-Type := Reject , User-password =~ "*"
        Reply-Message = "Invalid passwd for xyz(level 2)."

I can parse Reply-Message to determine the privilege. Is this the
right way to determine the user privilege?

3. For determining if the user is a valid radius user, I will keep
this entry at the end in the /etc/raddb/users :

DEFAULT Auth-Type := Reject
        Reply-Message = "Invalid user"

Thanks and Regards,
Pavan

2008/9/15 <tnt at kalik.net>:
> Reply-Message attribute.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 15/9/2008, "Sudarshan Soma" <sudarshan12s at gmail.com> wrote:
>
>>Hi All,
>>Is there any way the radius client can determine if the user
>>authentication failed due to user locked/user-not-existing?
>>
>>I think the RADIUS doesn't have a field in the response codes to
>>indicate this information. This might be correct in the sense that an intruder
>>doesn't know the actual reason for authentication failure.
>>
>>I just wanted to clarify that the information such as
>>locked-state/passwdexpired,... can't be obtained through radius client.
>>
>>
>>Thanks and Best Regards,
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
>
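
Added example (not part of the original thread and not FreeRADIUS code): how a RADIUS client could read the Reply-Message strings proposed above out of an Access-Reject, checking the RFC 2865 Response Authenticator first so that a forged reply cannot supply the text. The function names, the shared secret and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import re
import struct

ACCESS_REJECT = 3    # RFC 2865 packet code
REPLY_MESSAGE = 18   # RFC 2865 attribute type

def build_reject(ident, request_auth, secret, messages):
    """Build a constructed Access-Reject, used only as sample input."""
    attrs = b"".join(bytes([REPLY_MESSAGE, len(m) + 2]) + m for m in messages)
    head = struct.pack("!BBH", ACCESS_REJECT, ident, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs

def reject_reason(packet, request_auth, secret):
    """Return (state, level) from a verified Access-Reject, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REJECT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Reject")
    packet, attrs = packet[:length], packet[20:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    texts, i = [], 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute")
        if atype == REPLY_MESSAGE:
            texts.append(attrs[i + 2:i + alen].decode("utf-8", "replace"))
        i += alen
    if i != len(attrs):
        raise ValueError("trailing bytes after attributes")
    for text in texts:
        # Message formats are the ones proposed in the post's users file entries.
        m = re.fullmatch(r"Invalid passwd for (\S+)\(level (\d+)\)\.", text)
        if m:
            return ("bad-password", int(m.group(2)))
        if text == "Invalid user":
            return ("unknown-user", None)
    return ("rejected", None)
```
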