Disabling log entries for rejected users
Scott Lambert
lambert at lambertfam.org
Fri Jan 15 00:24:38 CET 2016
On Thu, Jan 14, 2016 at 08:59:31AM +0100, Michał B wrote:
> Imagine two different situations about denied clients:
>
> 1. Technician has set wrong login or password on authenticated device. I
> need messages in log, for debugging reason.
> 2. The user device has been blocked by administrator (no payment, or
> something like that). The device is trying to authenticate every second,
> filling radius logs with tons of unnecessary messages.
>
> I want to get rid of messages coming from situations like 2, but still
> have messages from situations like 1.
I don't remove prohibited users from the authentication DB. I just set
them to use IPs from a pool which NATs all web traffic to a webserver
whose error document is a page explaining that they are not authorized
to use the system for one of several possible reasons. They get a link
to a customer portal where they can resolve the no payment situation and
a phone number to call if they don't think they have a billing issue.
It cuts way down on bad login attempts, and tends to lead to the
resolution of the underlying issue. It's not a FreeRADIUS technical
solution, but it could help to achieve your goal of smaller logs.
--
Scott Lambert KC5MLE Unix SysAdmin
lambert at lambertfam.org