John.Hayward@wheaton.edu wrote:
Storing data for (potentially) 100's of 1000's of users means "use a DB".
I was hoping to only store the value of retry remaining when there was a failure of authentication for the session.
What's a "session"? The RADIUS server doesn't track sessions. They're stored in a DB. (Accounting start / interim / stop). The server tracks EAP authentications, but that's different, and the EAP module already implements a retry counter. MSCHAP authentication doesn't involve the idea of "sessions". Look at rlm_mschap: there is no session tracking.
The vast majority of connections to the radius server succeed since they are cashed in the machines of the users. Failure of passwords occur after a password change or when first connecting to the network both of which are a relatively rare occurrence.
Sure.
Is there another preferred way to keep track of remaining retry counts for a particular session.
First, define what a "session" is. Second, realize that the server doesn't already do tracking for that session. :( Third, put session tracking into a DB. The server already integrates with DBs. Alan DeKok.