Linelog module sending message twice that has "warning" or higher severity level.

Yiğit YAŞAR y.yasar92 at gmail.com
Thu Sep 10 08:58:37 CEST 2020


Dear Jorge thank you for guidance,

Here is my debug output on a failed authentication attempt.

(0) pap: Login attempt with password
(0) pap: Comparing with "known-good" SSHA2-512-Password
(0) pap: ERROR: SSHA2-512 digest does not match "known good" digest
(0) pap: Passwords don't match
(0)     [pap] = reject
(0)   } # Auth-Type PAP = reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file
/opt/radius/bin/freeradius/etc/raddb/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (3)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> user
(0) sql: SQL-User-Name set to 'user'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '*****', '%{reply:Packet-Type}', '%S')
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'user', '*****', 'Access-Reject', '2020-09-10 09:45:58')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'user', '*****', 'Access-Reject', '2020-09-10 09:45:58')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (3)
(0)     [sql] = ok
(0) log_postreject: EXPAND User '%{User-Name}' authentication request
rejected by Radius!
(0) log_postreject:    --> User 'user' authentication request rejected by
Radius!
(0)     [log_postreject] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> user
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Login incorrect (Failed retrieving values required to evaluate
condition): [user] (from client client10 port 1812)
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 217 from 192.168.17.164:1812 to
192.168.17.164:49999 length 20
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 217 with timestamp +15
Ready to process requests

Jorge Pereira <jpereira at freeradius.org>, 9 Eyl 2020 Çar, 20:01 tarihinde
şunu yazdı:

> First of all.
>
> Read the mailing list https://wiki.freeradius.org/guide/Users-Mailing-List
> <https://wiki.freeradius.org/guide/Users-Mailing-List> guidance, and then
> about how to share the debug output
> https://wiki.freeradius.org/guide/radiusd-X <
> https://wiki.freeradius.org/guide/radiusd-X>
> --
> Jorge Pereira
> jpereira at freeradius.org
>
>
>
>
> > On 9 Sep 2020, at 03:25, Yiğit YAŞAR <y.yasar92 at gmail.com> wrote:
> >
> > Hi all,
> >
> > I have some issue with the linelog module.
> >
> > My "linelog" configuration as in below;
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *linelog {filename = syslogescape_filenames = nopermissions =
> > 0600syslog_facility = daemonsyslog_severity = infoformat = "This is a log
> > message for %{User-Name}"reference =
> > "messages.%{%{reply:Packet-Type}:-default}"}linelog log_postauth
> {filename
> > = syslogsyslog_facility = authprivsyslog_severity = infoformat = "User
> > '%{User-Name}' authenticated via Radius"}linelog log_postreject
> {filename =
> > syslogsyslog_facility = authprivsyslog_severity = warningformat = "User
> > '%{User-Name}' authentication request rejected by Radius!"}*
> >
> > Also in "default" configuration file is like ;
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *post-auth {log_postauthlog_postrejectif (session-state:User-Name &&
> > reply:User-Name && request:User-Name && (reply:User-Name ==
> > request:User-Name)) {update reply {&User-Name !* ANY}}update {&reply: +=
> > &session-state:}-sqlexecremove_reply_message_if_eapPost-Auth-Type REJECT
> >
> {-sqllog_postrejectattr_filter.access_rejecteapremove_reply_message_if_eap}Post-Auth-Type
> > ACCEPT {log_postauth}Post-Auth-Type Challenge {}}*
> >
> > Problem is, when linelog sends log message with warning or higher
> severity,
> > log message sending twice.There is no problem with info or lower severity
> > level, they sending once.
> >
> > What could be the problem, do you have any idea?
> >
> > Thanks in advance
> > Yigit
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list