Does freeRADIUS tracks previous authentication results?
Alan DeKok
aland at deployingradius.com
Mon Dec 9 23:07:22 UTC 2024
On Dec 9, 2024, at 6:05 PM, Vedsar Kushwaha via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> I'm seeing the following logs:
>
> "Login incorrect (eap_peap: The user's session was previously rejected; returning reject (again))."
>
> I'm interested in the "again" word at the end of the log.
> How does FreeRADIUS know that the user authentication was previously rejected? Is it because FreeRADIUS maintains a state?
Yes. It's tracked via the State attribute. This is required by the RFCs for EAP authentication.
> If so, for how long does FreeRADIUS maintain this state?
Until the EAP session is accepted or rejected.
Alan DeKok.
More information about the Freeradius-Users
mailing list