Does freeRADIUS tracks previous authentication results?
I'm seeing the following logs: "Login incorrect (eap_peap: The user's session was previously rejected; returning reject (again))." I'm interested in the "again" word at the end of the log. How does FreeRADIUS know that the user authentication was previously rejected? Is it because FreeRADIUS maintains a state? If so, for how long does FreeRADIUS maintain this state? Juniper Business Use Only
On Dec 9, 2024, at 6:05 PM, Vedsar Kushwaha via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I'm seeing the following logs:
"Login incorrect (eap_peap: The user's session was previously rejected; returning reject (again))."
I'm interested in the "again" word at the end of the log. How does FreeRADIUS know that the user authentication was previously rejected? Is it because FreeRADIUS maintains a state?
Yes. It's tracked via the State attribute. This is required by the RFCs for EAP authentication.
If so, for how long does FreeRADIUS maintain this state?
Until the EAP session is accepted or rejected. Alan DeKok.
participants (2)
-
Alan DeKok -
Vedsar Kushwaha