Logging Packet-Type of reply packets from inner-tunnel

Bob Franklin rcf34 at cam.ac.uk
Mon Mar 8 19:38:51 CET 2010


I'm trying to log aspects of the reply packet returned to the NAS at 
various stages during authentication using an inner tunnel, in particular 
the Packet-Type.  This is on FreeRADIUS 2.1.6.

My problem is that I can't find a way to retrieve this information in the 
middle of the inner tunnel sequence -- if the request is proxied, I can 
run a log module instance in 'post-proxy' to log 
%{proxy-reply:Packet-Type} and see things like 'Access-Challenge', 
'Access-Reject', etc.

However, I can't seem to do this with locally-handled packets -- I have 
'post-auth' which runs for 'Access-Accept' and (optionally, through 
'Post-Auth-Type REJECT'), 'Access-Reject'.  But I would like to be able to 
log the intermediate 'Access-Challenge' packets.

Putting %{reply:Packet-Type} at the end of the 'authorize' section doesn't 
work (I just get '0').

Is this something I can do?  If so, I'm sure I'm missing something obvious 
- can someone please point me in the right direction?  I would prefer to 
do the logging from inside the inner tunnel virtual server to have access 
to the inner tunnel attributes in the logging.

Thanks in advance,

   - Bob

  Bob Franklin <rcf34 at cam.ac.uk>              +44 1223 748479
  Network Division, University of Cambridge Computing Service

More information about the Freeradius-Users mailing list