how to add MSCHAPV2 Retry Max

John.Hayward at John.Hayward at
Tue May 10 18:42:43 CEST 2011

Free Radius Developers,

Can someone point me to how to:
1) add a configuration value (the retry count allowed).
2) add a state value associated with a session (current retry count).

The motivation is:
    When a windows xp box is authenticating against freeradius with patches 
to support retry and freeradius is configured to allow retry and the user 
enters a wrong username the user is presented with a balloon which has:
Wireless Network Connection -- Click here to process your login 
information for the network yyyy 
The duologue window pops up with title "Re-enter Credentials"
The User name entry shows the entered username grayed out
The Password has dots for each letter entered
The Domain is grayed out
There is an Ok and Cancel button.

The user cannot correct the wrong username.

If they hit either Ok a new balloon pops up with the same info.
If they hit cancel in a while (seems about 30 sec) a new balloon pops up.
After about 2 minutes a different balloon pops up where they can enter 
their credentials of User name, password and login domain.

If retry is not enabled no balloon which results in a "Re-enter 
Credentials" dialog box occurs - after a long while (over 2 minutes) a 
balloon pops up where the user can enter their User name, password and 
login domain.

There seems to be a problem when retry is not enabled of getting the 
windows client to detect there is a problem and giving up in a quicker 
time frame.

That issue aside I would like to implement a retry count so that if say a 
retry count of 3 the user would be presented with at most 3 "Re-enter 
Credentials" dialog box before having the client go into a different 
mode where it fails and then gives the user a chance to enter user name 
and password.


More information about the Freeradius-Devel mailing list