how to add MSCHAPV2 Retry Max

Alan DeKok aland at
Wed May 11 16:10:18 CEST 2011

John.Hayward at wrote:
>>  Storing data for (potentially) 100's of 1000's of users means "use a
>> DB".
> I was hoping to only store the value of retry remaining when there was a
> failure of authentication for the session.

  What's a "session"?

  The RADIUS server doesn't track sessions.  They're stored in a DB.
(Accounting start / interim / stop).  The server tracks EAP
authentications, but that's different, and the EAP module already
implements a retry counter.

  MSCHAP authentication doesn't involve the idea of "sessions".  Look at
rlm_mschap: there is no session tracking.

>  The vast majority of
> connections to the radius server succeed since they are cached in the
> machines of the users. Failures of passwords occur after a password
> change or when first connecting to the network, both of which are a
> relatively rare occurrence.


> Is there another preferred way to keep track of remaining retry counts
> for a particular session?

  First, define what a "session" is.

  Second, realize that the server doesn't already do tracking for that
session. :(

  Third, put session tracking into a DB.  The server already integrates
with DBs.

  Alan DeKok.

