MS-CHAP-V2 with no retry

Phil Mayers p.mayers at
Fri Mar 4 00:09:42 CET 2011

> It has been reported that if the Microsoft NPS server is configured
> for no retries (E=691 R=0) that mac/iphones/ipads then act like
> windows xp machines in that they report to the user that the password
> needs attention.
> Would it be possible to modify rlm_mschap.c to be conigured as to how
> many retries were allowed before returning authentication failure
> with no retry?

Obviously it's possible. It's not clear it would help though; are you 
using plain MS-CHAP or EAP-MSCHAP?

Can you explain what you're trying to accomplish; I didn't really 
understand your email in full (not sure what the stuff about Macs was 
all about; not sure whether "change password" means "user tries again 
with a different password string" or "user executes the change-password 
protocol because their old one has expired)

More information about the Freeradius-Users mailing list