Quota limit on the time of authentication

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Quota limit on the time of authentication

Holly Sun
Hi,

I have a FreeRadius server running with EAP-TLS. The client can
authenticate with the server with the client-side certificate (which is in
a Hotspot 2.0 profile). I want to avoid user misuse of certificate/profile
stolen - userA copies the client-side certificate/profile and give it to
userB, so that userB can authenticate to the server with the same
certificate/profile.

Is there something that can be configured in FreeRadius to limit the quota
of authentication on one user/certificate? For example, only allow 10 times
of user authentication to my FreeRadius server everyday? Thank you!

Best,
Holly
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Quota limit on the time of authentication

Alan DeKok-2
On Sep 6, 2019, at 4:50 PM, Jiuyu Sun <[hidden email]> wrote:

> I have a FreeRadius server running with EAP-TLS. The client can
> authenticate with the server with the client-side certificate (which is in
> a Hotspot 2.0 profile). I want to avoid user misuse of certificate/profile
> stolen - userA copies the client-side certificate/profile and give it to
> userB, so that userB can authenticate to the server with the same
> certificate/profile.
>
> Is there something that can be configured in FreeRadius to limit the quota
> of authentication on one user/certificate? For example, only allow 10 times
> of user authentication to my FreeRadius server everyday? Thank you!

  Store the information in a database.  FreeRADIUS isn't a database, but it connects to pretty much every database in existence.

  We can help you with configuring connections to a DB, and unlang rules to check this.  But it really does have to be stored in a DB.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html