Lockout by IP number?
Conrad Classen
conrad.classen at gmail.com
Thu Sep 28 05:49:18 UTC 2023
Hi
You can try looking at the Calling-Station-Id attribute which should
provide the IP of the device connecting to the NAS IP of 62.122.184.231
Hope this helps.
On 2023/09/28 02:06, Ann Cantelow wrote:
> Hello,
>
> I am looking to implement a lockout for excessive login tries. I have been following advice offered athttps://wiki.freeradius.org/guide/lockout , and thank you very much for that. Is there a variable like '%{User-Name}' for IP number? I would like to do a lockout based on IP number as well as User-Name. I see the IP is listed in the radius log, but I haven't been able to find an attribute that I figure will give this information. I've looked in the dictionary files, but maybe I've somehow missed it.
>
> My radius version is 2.1.12 on RHEL6, and client nastype is cisco. Radius upgrade to version 3 is planned.
>
> Radius log example lines showing ip numbers:
>
> ...
> Wed Sep 27 11:29:13 2023 : Auth: Login incorrect: [edc] (from client [clientname] port 212271104 cli 62.122.184.231)
> Wed Sep 27 11:29:14 2023 : Auth: Login incorrect: [edc] (from client [clientname] port 86839296 cli 62.122.184.231)
> Wed Sep 27 11:29:16 2023 : Auth: Login incorrect: [qazwsx] (from client [clientname] port 241688576 cli 62.122.184.231)
> Wed Sep 27 11:29:17 2023 : Auth: Login incorrect: [qazwsx] (from client [clientname] port 166244352 cli 62.122.184.231)
> ...
>
> Many thanks,
> Ann Cantelow
>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list