Lockout by IP number?

Conrad Classen conrad.classen at gmail.com
Thu Sep 28 05:49:18 UTC 2023


You can try looking at the Calling-Station-Id attribute which should 
provide the IP of the device connecting to the NAS IP of

Hope this helps.

On 2023/09/28 02:06, Ann Cantelow wrote:
> Hello,
> I am looking to implement a lockout for excessive login tries. I have been following advice offered athttps://wiki.freeradius.org/guide/lockout  , and thank you very much for that. Is there a variable like '%{User-Name}' for IP number? I would like to do a lockout based on IP number as well as User-Name. I see the IP is listed in the radius log, but I haven't been able to find an attribute that I figure will give this information. I've looked in the dictionary files, but maybe I've somehow missed it.
> My radius version is 2.1.12 on RHEL6, and client nastype is cisco. Radius upgrade to version 3 is planned.
> Radius log example lines showing ip numbers:
> ...
> Wed Sep 27 11:29:13 2023 : Auth: Login incorrect: [edc] (from client [clientname] port 212271104 cli
> Wed Sep 27 11:29:14 2023 : Auth: Login incorrect: [edc] (from client [clientname] port 86839296 cli
> Wed Sep 27 11:29:16 2023 : Auth: Login incorrect: [qazwsx] (from client [clientname] port 241688576 cli
> Wed Sep 27 11:29:17 2023 : Auth: Login incorrect: [qazwsx] (from client [clientname] port 166244352 cli
> ...
> Many thanks,
> Ann Cantelow
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list