How to log failed auth attempts?

Todd R. tjrlist at lightwavetech.com
Thu Dec 18 00:53:31 CET 2008


I do see this query in sql/mysql/dialup.conf that controls the insert:

        postauth_query = "INSERT INTO ${postauth_table} \
                          (username, pass, reply, authdate) \
                          VALUES ( \
                          '%{User-Name}', \
                          '%{%{User-Password}:-%{Chap-Password}}', \
                          '%{reply:Packet-Type}', '%S')"

I am guessing I need to modify this query and the DB schema to suit my
needs.

What variable can I use to pull the reject reason, is it something like
%{reply:Reply-Message}?

Am I missing anything else to accomplish this?

Is there a list of available variables to use in this situation and what
they mean?

Thanks again!

Regards,
 Todd Routhier

-----Original Message-----
From: freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.org
[mailto:freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.org]
On Behalf Of Todd R.
Sent: Wednesday, December 17, 2008 2:15 PM
To: 'FreeRadius users mailing list'
Subject: RE: How to log failed auth attempts?

Alan,

 Thanks for your response.. 

First, I can't believe I missed this section of the radiusd.conf file, I
looked, really I did :)

I also noticed that it said that many things are logged when running
"radiusd -X" which explains some other things.. 

I made some changes and now I have sufficient log info in the text files.

Hate to push my luck here but I would love to expand what is being logged
SQL-wise in my MySQL DB.

Right now, I have something like this logging on a failed attempt in the
MySQL DB within the radpostauth table:

id, username, pass, reply, authdate
41, dude at somerealm.com, mypass, Access-Accept, 2008-12-17 13:09:15


What I would like to see is something like this:
id, username, pass, reply, reply-message, authdate
41, dude at somerealm.com, mybadpass, Access-Accept, Login incorrect (rlm_pap:
CLEAR TEXT password check failed), 2008-12-17 13:09:15

Any help with this would be appreciated.

Regards,
 Todd R.

-----Original Message-----
From: freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.org
[mailto:freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, December 17, 2008 5:32 AM
To: FreeRadius users mailing list
Subject: Re: How to log failed auth attempts?

Todd R. wrote:
> It seems that most things I have read suggest that failed authentication
> attempts are logged to the radius.log by default but they do not show up
> for me.

  Edit raddb/radiusd.conf, and read the "log" section.  It has
configuration entries that control this behavior.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
