Post-Auth-Type Accept vs Post-Auth-Type Reject 3.0.14

Wussler, Doug doug.wussler at fsu.edu
Mon Jun 19 18:57:42 CEST 2017


I’m using 3.0.14.

For a successful authentication, the log shows the Post-Auth routine executing
BEFORE the log record expansion and output.  This is handy because the
Post-Auth routine sets some variables used by the log message (as set
in radius.conf).

For an unsuccessful authentication, the log shows the Post-Auth-Type
“Reject” executing AFTER the log record expansion and output, which seems
inconsistent and prevents the setting of the variables used in the log.

Is this a bug or correct behavior?  If it is correct behavior, what is the reason
that we want Post-Auth to run BEFORE the log expansion but Post-Auth-Type
Reject to run AFTER the log expansion?

Doug Wussler
Florida State University




More information about the Freeradius-Users mailing list