Quota limit on the time of authentication

Alan DeKok aland at deployingradius.com
Sat Sep 7 14:17:36 CEST 2019


On Sep 6, 2019, at 4:50 PM, Jiuyu Sun <sunjiuyu at gmail.com> wrote:
> I have a FreeRadius server running with EAP-TLS. The client can
> authenticate with the server with the client-side certificate (which is in
> a Hotspot 2.0 profile). I want to avoid user misuse of certificate/profile
> stolen - userA copies the client-side certificate/profile and give it to
> userB, so that userB can authenticate to the server with the same
> certificate/profile.
> 
> Is there something that can be configured in FreeRadius to limit the quota
> of authentication on one user/certificate? For example, only allow 10 times
> of user authentication to my FreeRadius server everyday? Thank you!

  Store the information in a database.  FreeRADIUS isn't a database, but it connects to pretty much every database in existence.

  We can help you with configuring connections to a DB, and unlang rules to check this.  But it really does have to be stored in a DB.

  Alan DeKok.




More information about the Freeradius-Users mailing list