Logging ntlm authentication

schilling schilling2006 at gmail.com
Fri Nov 12 15:15:58 CET 2010


Thanks.

Could you please share the perl scripts and the corresponding
configuration in radiusd.conf like authorize and post-auth section
related to these logs?

Schilling




On Wed, Nov 10, 2010 at 10:04 PM, Garber, Neal
<Neal.Garber at iberdrolausa.com> wrote:
>> Could you please summarize what you did to log the output from
>> ntlm_auth and MS_CHAP-Error?
>
> Sure.  I should mention that other options are available now that didn't exist when I created the solution below...
>
> I have a PERL script that runs during authorize that obtains user/group or machine/container permissions for the NAS in question from XML files to determine whether the entity is authorized and it creates a Log-Data reply attribute containing all non-sensitive request attributes.  This is then written to syslog during post-auth by another PERL script.
>
> Our help desk and others use a .Net application that I wrote to display/filter the data from the current or past log files in a grid control.  The log contains specifics of the request, authorization and authentication results/messages and reply attributes.
>
> Does that answer your question?
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list