How to log Access-Accept reply attributes/values in radpostauth sql

Alan DeKok aland at deployingradius.com
Sat Aug 26 15:14:46 CEST 2017


On Aug 26, 2017, at 4:54 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> 
> We might be able to do something with %{reply:[*]} in v4.0.x but there’s nothing like that in 3.0.x.

  I took a look, and it actually is in 3.0.x  I pushed some fixes, tho.

  The functionality of the server is getting too big to for me to remember it all any more. :(

	update reply {
	       Filter-Id := "%{request:[*]}"
	}

...
Sent Access-Request Id 139 from 0.0.0.0:63328 to 127.0.0.1:1812 length 87
	User-Name = "bob"
	User-Password = "bob"
	NAS-IP-Address = 127.0.0.1
	Framed-IP-Address = 127.0.0.1
	Called-Station-Id = "aabbcc000001"
	Message-Authenticator := 0x00
Received Access-Accept Id 139 from 127.0.0.1:1812 to 0.0.0.0:0 length 97
	Filter-Id = "bob,bob,127.0.0.1,127.0.0.1,aabbcc000001,0x26ca3008fc50d3d1061e83c249ab10a0"

  The last hex blob is the Message-Authenticator.

  For v4, I'm inclined to skip decoding the Message-Authenticator entirely.  No one bases policies on it, and it's already added automatically where necessary.

  Alan DeKok.




More information about the Freeradius-Users mailing list