Can someone point me to how to: 1) add a configuration value (the retry count allowed).
Add an "int" value to the module config. There are tons of examples of this in the server source. I added a field to rlm_mschap_t and added appropriate entry to module_config[]
That seemed to do the trick.
2) add a state value associated with a session (current retry count).
Use a DB.
And once you use a DB, the "max retry" value might as well be hard-coded in the queries.
That issue aside I would like to implement a retry count so that if say a retry count of 3 the user would be presented with at most 3 "Re-enter Credentials" dialog box before having the client go into a different mode where it fails and then gives the user a chance to enter user name and password.
Storing data for (potentially) 100's of 1000's of users means "use a DB".
I was hoping to only store the value of retry remaining when there was a failure of authentication for the session. The vast majority of connections to the radius server succeed since they are cashed in the machines of the users. Failure of passwords occur after a password change or when first connecting to the network both of which are a relatively rare occurrence. Is there another preferred way to keep track of remaining retry counts for a particular session. johnh...
My $0.02 is to write a Perl script to implement the logic, and use rlm_perl.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html