Logging Authentication Rejects
Kristoffer Milligan
kristoffer at nextnet.no
Thu Jan 20 11:17:21 CET 2011
radiusd: FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on
Apr 30 2010 at 09:48:09
root at hostname:~# lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 9.10
Release: 9.10
Codename: karmic
Good day list,
I am trying to set up some logging on my radius server. The server is
responsible for a WiMAX network running on equipment from Alvarion.
After a troublesome start, things are starting to straighten out.
I've now reached the point where I want to apply some additional logging
to start ironing out minor bugs. Running FR in debug mode, I see the
occasional access-reject (mostly caused by wrongly configured
username/passwords), and I would like to log these to my database.
In my default tunnel, I have added the sql_log module to the post-auth
section, subsection Post-Auth-Type REJECT. The default SQL looks like this:
# Post-Auth = "INSERT INTO ${postauth_table} \
# (username, pass, reply, authdate) VALUES \
# ('%{User-Name}', '%{User-Password:-Chap-Password}', \
# '%{reply:Packet-Type}', '%S');"
which would provide a line of log (in my case) looking something like this:
Incremental Id, =F8=F334534534645645645687 at WiMAX.com, '',
'Access-Reject', DATETIME.
(The username is just something I typed out, but that's what they look like).
This data is good to give me an idea of how many access rejects I am
getting, but I have no clue from what usernames they are coming, nor WHY
they were rejected. I know that the username in the inner tunnel is
plaintext as well, meaning it looks like, i.e., kristoffer at WiMAX.com.
My question is:
What should my SQL look like if I want to log the following data:
Incremental id, 'Attempted/Cleartext Username', 'Attempted/Cleartext
password', 'Access-Reject - {Rejection-Reason}', DATETIME ?
Looking forward to your replies.
Sincerely,
Kristoffer Milligan
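
An added example, not part of the original post and not FreeRADIUS's shipped configuration: one way to record the inner (cleartext) username and a rejection reason in the four columns of the query quoted above, by running a second sql_log instance from the inner tunnel instead of the default virtual server. Assumptions: the instance name sql_log_inner and its file name are hypothetical, the relay path is the stock sql-relay location, the server runs the inner-tunnel Post-Auth-Type REJECT section for failed inner authentications, and the failing module sets Module-Failure-Message.

```conf
# modules/sql_log_inner  (hypothetical file and instance name)
sql_log sql_log_inner {
	# Assumed to be the same relay file radsqlrelay already reads.
	path = "${radacctdir}/sql-relay"
	postauth_table = "radpostauth"
	sql_user_name = "%{%{User-Name}:-DEFAULT}"

	# Expanded inside the tunnel, so %{User-Name} is the inner identity,
	# not the anonymised outer one seen in the default server.
	#
	# pass is stored empty: a rejected password is frequently a near miss
	# of the real one, and with a CHAP or MS-CHAP inner method there is no
	# User-Password attribute to log in any case.
	#
	# The reason is appended to the reply column; if no module recorded a
	# failure message, a fixed marker is written instead.
	Post-Auth = "INSERT INTO ${postauth_table} \
		(username, pass, reply, authdate) VALUES \
		('%{User-Name}', '', \
		'%{reply:Packet-Type} - %{%{Module-Failure-Message}:-no reason recorded}', \
		'%S');"
}

# sites-available/inner-tunnel
post-auth {
	Post-Auth-Type REJECT {
		sql_log_inner
	}
}
```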