Question on logging EAP/PEAP authentication rejections

Josh Hiner josh at remc1.org
Tue Mar 20 02:15:38 CET 2012


Alan. Thanks for the reply. One of my previous emails I did put
reply_log in the post auth reject spot. Im also copying the user from
the inner tunnel to the outer tunnel. I am getting reject logs but
without the username. I swear I have read the section above the post
auth reject spot in my default file under sites enabled and I do have
stuff in that section as it clues me to. I must be missing something
though obviously.

Thanks -josh

Sent from my iPhone

On Mar 19, 2012, at 6:32 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
>>   Ok I went back, looked at the config, and used some common sense to figure
>>   part of it out. I have it now logging replys for rejects using the
>
>
> ...to remind you what Alan said:
>
>>     �Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
>>
>>     �This is documented.
>
>
> in post-auth section
>
>
>    Post-Auth-Type REJECT {
>        attr_filter.access_reject
>    }
>
> put things in that bit
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list