SQL insert on TLS failure

Alan DeKok aland at deployingradius.com
Mon Dec 1 19:31:39 CET 2014


On Dec 1, 2014, at 7:22 AM, Dean Goldhill <dgoldhill at netutils.com> wrote:
> I want to write a record to the MySQL database when a client sends a TLS close notification.
> So when a laptop is not properly configured to trust our CA, the client sends a TLS close notification.
> And in the log we see something like: “Auth: Login incorrect (TLS Alert read:warning:close notify):”

  The “TLS Alert…” message is contained in the Module-Failure-Message attribute.

> I know why this is happening, but I just want to write an entry to the database so we have a record of which users are failing because of this reason.
> Is it possible to do this?

  Yes.  Configure “sql” in the “Post-Auth-Type Reject” section.  Then, edit the “postauth_query” (2.x) to include %{Module-Failure-Message}

  Alan DeKok.
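
The configuration described in the reply above, sketched as an added example for FreeRADIUS 2.x with MySQL; it is not taken from the original post or from the project's shipped files. The `failure_message` column is an assumption and must be added to the `radpostauth` table before the modified query will work.

```conf
# --- raddb/sites-enabled/default (FreeRADIUS 2.x) ---
post-auth {
	# ... existing post-auth modules ...

	Post-Auth-Type REJECT {
		# Run the sql module for rejected requests so that
		# postauth_query is executed for them as well.
		sql
		attr_filter.access_reject
	}
}

# --- raddb/sql/mysql/dialup.conf (FreeRADIUS 2.x) ---
# Assumption: a column named failure_message (hypothetical name) has
# been added to the post-auth table first, for example:
#   ALTER TABLE radpostauth ADD COLUMN failure_message VARCHAR(253);
#
# This is the stock 2.x query with one extra column. For a reject caused
# by a TLS alert, %{Module-Failure-Message} expands to the same
# "TLS Alert ..." text that appears in the "Login incorrect" log line.
# Note that the stock query also stores User-Password for PAP requests;
# remove the pass column if cleartext passwords should not be logged.
postauth_query = "INSERT INTO ${postauth_table} \
	(username, pass, reply, authdate, failure_message) \
	VALUES ( \
	'%{User-Name}', \
	'%{%{User-Password}:-%{Chap-Password}}', \
	'%{reply:Packet-Type}', '%S', \
	'%{Module-Failure-Message}')"
```

Rejected users can then be pulled out with a query on `reply = 'Access-Reject'` filtered on the `failure_message` text.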


