Incremental Reject delay

Krzysztof Grobelak kgrobelak at airspeed.ie
Wed Nov 4 12:46:23 CET 2015


Hello List,

Apologies if this was asked here before.

I would like to configure freeRadius to send Access-Reject with values that increment with each failed attempt.

I noticed in the mailing list some discussion about  an "FreeRADIUS-Response-Delay-Usec" is there an attribute that would allow for full seconds delay?

Something like "FreeRADIUS-Response-Delay" maybe?

I could then query the database for the last delay and increment it accordingly
like such:

update reply {
    Tmp-String-0 := "%{sql:SELECT delay+delay FROM failed_login_delay WHERE username=&User-Name}"
     FreeRADIUS-Response-Delay := &Tmp-String-0
}

I hope this does makes sense...

Obviously i'm aware of the reject_delay setting in radiusd.conf but I would like to be able to increment the delay dynamically.
Or is there some other obvious way to do this?

Thanks in advance.

Regards,
Krzysztof



Airspeed Telecom


More information about the Freeradius-Users mailing list