how to add MSCHAPV2 Retry Max
Alan DeKok
aland at deployingradius.com
Fri May 13 15:09:31 CEST 2011
John.Hayward at wheaton.edu wrote:
>> What's a "session"?
> I probably used the wrong term here. What I intended to say was
> something like a "Negotiation" sequence. In rfc2759

That's nice. What does that have to do with RADIUS?

I'm not being obtuse here... I really mean that you need to look at
how this interacts with RADIUS.

Hint: it doesn't.

> Keeping track of the number of retries used in the current "Negotiation"
> sequence is what I am attempting.

As I've said repeatedly:

>> The RADIUS server doesn't track sessions.
...
>> MSCHAP authentication doesn't involve the idea of "sessions". Look at
>> rlm_mschap: there is no session tracking.
>
> I'll look at EAP module and see if the retry counter could be used to
> keep track of the retries of a particular "Negotiation" sequence of the
> MSCHAP authentication.

EAP != MSCHAP

You will need to write the same kind of session tracking in MSCHAP as
is currently done in EAP. You *cannot* re-use the EAP session tracking.

And for 99% of the situations, session tracking in MS-CHAP is pointless.

You're MUCH better off using a DB. Really. That's why I suggested
it. I'm not an idiot.

Alan DeKok.