how to add MSCHAPV2 Retry Max
Alan DeKok
aland at deployingradius.com
Wed May 11 16:10:18 CEST 2011
John.Hayward at wheaton.edu wrote:
>> Storing data for (potentially) 100's of 1000's of users means "use a
>> DB".
>
> I was hoping to only store the value of retry remaining when there was a
> failure of authentication for the session.

What's a "session"?

The RADIUS server doesn't track sessions. They're stored in a DB.
(Accounting start / interim / stop). The server tracks EAP
authentications, but that's different, and the EAP module already
implements a retry counter.

MSCHAP authentication doesn't involve the idea of "sessions". Look at
rlm_mschap: there is no session tracking.

> The vast majority of
> connections to the radius server succeed since they are cached in the
> machines of the users. Failures of passwords occur after a password
> change or when first connecting to the network both of which are a
> relatively rare occurrence.
Sure.
> Is there another preferred way to keep track of remaining retry counts
> for a particular session?

First, define what a "session" is.

Second, realize that the server doesn't already do tracking for that
session. :(

Third, put session tracking into a DB. The server already integrates
with DBs.

Alan DeKok.