how to record certificates error in radius.log?

WWF weiweif at 126.com
Sat Jul 17 05:45:42 CEST 2010


hi, all!

Now I want to record the user access history in the radius.log file. I use fr 2.19 and ttls-mschapv2.

 I notice that it now only records the user/password log in the radius.log file. 

for example,

when I use a correct password for user "test", 
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/<via Auth-Type = EAP>] (from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01)


when I use a wrong password for user "test", 
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/<via Auth-Type = EAP>] (from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01)

But no log is recorded if the certificates is wrong (which is possible in real scenarios). 

I have noticed that if the certificates is wrong, the "radiusd  -Xxxxx" will output things like that:

Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls
Fri Jul 16 17:23:30 2010 : Info: [eap] processing type  askedtls

If this notifys the wrong certificate? Then maybe I can put a "radlog" in the following part of eap.c?:

    case PW_EAP_NAK:
        /*
         *    The NAK data is the preferred EAP type(s) of
         *    the client.
         *
         *    RFC 3748 says to list one or more proposed
         *    alternative types, one per octet, or to use
         *    0 for no alternative.
         */
        RDEBUG2("EAP NAK");



thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100717/a0e857ec/attachment.html>


More information about the Freeradius-Users mailing list