how to add MSCHAPV2 Retry Max

Alan DeKok aland at deployingradius.com
Fri May 13 15:09:31 CEST 2011


John.Hayward at wheaton.edu wrote:
>>  What's a "session"?
> I probably used the wrong term here.  What I intended to say was
> something like a "Negotiation" sequence.  In rfc2759

  That's nice.  What does that have to do with RADIUS?

  I'm not being obtuse here... I really mean that you need to look at
how this interacts with RADIUS.

  Hint: it doesn't.

> Keeping track of the number of retries used in the current "Negotiation"
> sequence is what I am attempting.

  As I've said repeatedly:

>>  The RADIUS server doesn't track sessions.
...
>>  MSCHAP authentication doesn't involve the idea of "sessions".  Look at
>> rlm_mschap: there is no session tracking.
> 
> I'll look at EAP module and see if the retry counter could be used to
> keep track of the retries of a particular "Negotiation" sequence of the
> MSCHAP authentication.

  EAP != MSCHAP

  You will need to write the same kind of session tracking in MSCHAP as
is currently done in EAP.  You *cannot* re-use the EAP session tracking.

  And for 99% of the situations, session tracking in MS-CHAP is pointless.

  You're MUCH better off using a DB.  Really.  That's why I suggested
it.  I'm not an idiot.

  Alan DeKok.
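
The DB approach suggested in the message above, as an added example that is not part of the original post and is not FreeRADIUS code: because each Access-Request arrives with no session state, the failure count is kept in a table keyed on attributes of the request. The table name, the choice of User-Name plus Calling-Station-Id as the key, and the limit and window values are all assumptions made for illustration.

```python
import sqlite3

MAX_RETRIES = 2        # assumed policy: retries allowed after the first failure
WINDOW_SECONDS = 300   # assumed: a failure older than this starts a new count

def open_db(path=":memory:"):
    """Open the counter store (hypothetical schema, one row per user/station)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS mschap_retry (
                      username      TEXT NOT NULL,
                      station       TEXT NOT NULL,
                      failures      INTEGER NOT NULL,
                      first_failure INTEGER NOT NULL,
                      PRIMARY KEY (username, station))""")
    return db

def record_failure(db, username, station, now):
    """Count one failed MS-CHAPv2 response.

    Returns True if another retry may be offered (the value that would drive
    the retry flag in an RFC 2759 failure message), False once the limit is hit.
    """
    with db:  # one transaction per request, so the read and write stay together
        row = db.execute(
            "SELECT failures, first_failure FROM mschap_retry "
            "WHERE username = ? AND station = ?", (username, station)).fetchone()
        if row is None or now - row[1] > WINDOW_SECONDS:
            failures, first = 1, now              # no live count: start one
        else:
            failures, first = row[0] + 1, row[1]  # same window: increment
        db.execute("INSERT OR REPLACE INTO mschap_retry VALUES (?, ?, ?, ?)",
                   (username, station, failures, first))
    return failures <= MAX_RETRIES

def record_success(db, username, station):
    """Clear the counter after a successful authentication."""
    with db:
        db.execute("DELETE FROM mschap_retry WHERE username = ? AND station = ?",
                   (username, station))

if __name__ == "__main__":
    db = open_db()
    # Constructed sample requests: same user and station, ten seconds apart.
    for t in (1000, 1010, 1020):
        print(t, record_failure(db, "alice", "00-11-22-33-44-55", t))
```
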


