On ons, 2007-07-25 at 13:31 -0400, Michael W. Lucas wrote: > If a user logs in from too many machines, or if he enters a wrong > password, he gets the error message in ERR_NO_SHARING. I would expect > a user who signs on too often to get ERR_NO_SHARING and a user who > fails to authenticate to get the default ERR_CACHE_ACCESS_DENIED. > > Instead, all users get ERR_NO_SHARING. I would like to give the users > a useful error message, but obviously I am missing something. > #clients may only log in from one IP at a time. > http_access deny noPwSharing change the above to http_access deny our_networks radius_auth noPwSharing and the results will be what you expect, making unauthenticated users be denied by the radius_auth acl, and authenticated users using too many IP addresses denied by the noPwSharing ACL. I also added the out_networks acl to deny probing of the user passwords.. you probably want to do this on the no_auth_... lines as well. Regards Henrik
