how to add MSCHAPV2 Retry Max

John.Hayward at wheaton.edu John.Hayward at wheaton.edu
Wed May 11 15:54:22 CEST 2011


>> Can someone point me to how to:
>> 1) add a configuration value (the retry count allowed).
>
>  Add an "int" value to the module config.  There are tons of examples
> of this in the server source.
I added a field to rlm_mschap_t and added an appropriate entry to 
module_config[].

That seemed to do the trick.
>
>> 2) add a state value associated with a session (current retry count).
>
>  Use a DB.
>
>  And once you use a DB, the "max retry" value might as well be
> hard-coded in the queries.
>
>> That issue aside I would like to implement a retry count so that if say
>> a retry count of 3 the user would be presented with at most 3 "Re-enter
>> Credentials" dialog box before having the client go into a different
>> mode where it fails and then gives the user a chance to enter user name
>> and password.
>
>  Storing data for (potentially) 100's of 1000's of users means "use a DB".

I was hoping to only store the value of retry remaining when there was a 
failure of authentication for the session.  The vast majority of 
connections to the radius server succeed since they are cached in the 
machines of the users. Failures of passwords occur after a password change 
or when first connecting to the network, both of which are a relatively rare 
occurrence.

Is there another preferred way to keep track of remaining retry counts for 
a particular session?

johnh...
>
>  My $0.02 is to write a Perl script to implement the logic, and use
> rlm_perl.
>
>  Alan DeKok.

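As an added illustration (not part of the original message and not FreeRADIUS code), here is a bounded in-memory sketch of the failure-only tracking asked about above: a session gets an entry only after its first failed attempt, and the entry is dropped on success or expiry. The session key string, `SLOTS`, `KEY_MAX`, the TTL and all function names are assumptions made for the example.

```c
#include <string.h>
#include <time.h>

#define SLOTS   64   /* assumed capacity: only failed sessions are stored */
#define KEY_MAX 64   /* keys of this length or longer are rejected */

struct retry_entry { char key[KEY_MAX]; int remaining; time_t expires; };
static struct retry_entry table[SLOTS];

/* Return the live (unexpired) entry for key, or NULL. */
static struct retry_entry *retry_find(const char *key, time_t now)
{
    for (int i = 0; i < SLOTS; i++)
        if (table[i].key[0] && table[i].expires > now &&
            strcmp(table[i].key, key) == 0)
            return &table[i];
    return NULL;
}

/* Record a failed attempt. Returns retries left (>= 0: the caller may send
 * a retryable failure) or -1 once the budget is spent (final failure). */
int retry_on_failure(const char *key, int retry_max, time_t now, int ttl)
{
    /* Missing or oversized session key: fail closed, never track it. */
    if (!key || !key[0] || strlen(key) >= KEY_MAX) return -1;
    struct retry_entry *e = retry_find(key, now);
    if (!e) {
        /* First failure: use a free or expired slot, else evict the
         * entry closest to expiry (that session gets a fresh budget). */
        e = &table[0];
        for (int i = 0; i < SLOTS; i++) {
            if (!table[i].key[0] || table[i].expires <= now) { e = &table[i]; break; }
            if (table[i].expires < e->expires) e = &table[i];
        }
        strcpy(e->key, key);                 /* length checked above */
        e->remaining = retry_max;
    }
    e->expires = now + ttl;                  /* each failure extends the window */
    if (e->remaining <= 0) return -1;
    return --e->remaining;
}

/* Successful authentication: forget the session. */
void retry_on_success(const char *key, time_t now)
{
    struct retry_entry *e = key ? retry_find(key, now) : NULL;
    if (e) e->key[0] = '\0';
}
```

With a retry maximum of 3 this allows three retryable failures and makes the fourth final. A full table evicts a live entry, so the capacity has to be sized above the expected number of concurrently failing sessions or the limit can be reset by filling the table.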