how to add MSCHAPV2 Retry Max

John.Hayward at John.Hayward at
Wed May 11 15:54:22 CEST 2011

>> Can someone point me to how to:
>> 1) add a configuration value (the retry count allowed).
>  Add an "int" value to the module config.  There are tons of examples
> of this in the server source.
I added a field to rlm_mschap_t and added appropriate entry to 

That seemed to do the trick.
>> 2) add a state value associated with a session (current retry count).
>  Use a DB.
>  And once you use a DB, the "max retry" value might as well be
> hard-coded in the queries.
>> That issue aside I would like to implement a retry count so that if say
>> a retry count of 3 the user would be presented with at most 3 "Re-enter
>> Credentials" dialog box before having the client go into a different
>> mode where it fails and then gives the user a chance to enter user name
>> and password.
>  Storing data for (potentially) 100's of 1000's of users means "use a DB".

I was hoping to only store the value of retry remaining when there was a 
failure of authentication for the session.  The vast majority of 
connections to the radius server succeed since they are cashed in the 
machines of the users. Failure of passwords occur after a password change 
or when first connecting to the network both of which are a relatively rare 

Is there another preferred way to keep track of remaining retry counts for 
a particular session.

>  My $0.02 is to write a Perl script to implement the logic, and use
> rlm_perl.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list