On Thu 10 Aug 2006 13:52, Mike Mitchell wrote:
Peter Nixon wrote:
Wouldn't it be better for us to be a bit more concise
about things? for
example:
Mon Aug 7 20:18:40 2006 : Auth: Login incorrect (realm:
myrealm proxy:
myproxy): [peter/peter] (from client NAS1 port 60000 cli XXXXXXXX)
Yeah, we do similar things, but worse! I hate legacy systems!
I've modified our source so that it puts the Reply-Message (if it exists) in the Login incorrect message. eg:
Mon Aug 7 20:18:40 2006 : Auth: Login incorrect (Home server says so: Account Disabled) [peter] (from client NAS1 port 60000 cli XXXXXXXX)
As we migrate away from legacy systems it gives us a single point of reference for authentication success/failures and the reasons.
I think it could be very handy to have this log message more configurable, but I'm not sure what overhead that would add, its at least another call to xlat, and on a busy system this log is written out a lot!
Heh. Yeah. Well, in my case they are customers not legacy systems. We are basically acting as a AAA clearing house (or something). I think such a patch certainly bears testing. The more relevant info you can give to an admin, the better he can do his job, and faster machines are cheaper than more admins! In any case I have not so far ever managed to stress FreeRADIUS... It's always been the backend that is working hard, not radiusd which rarely takes more than 1% of CPU. In a pure proxy environment that of course doesn't apply, but given that the SunFire (Opteron) boxes I use only run about $1000, adding an extra 2 (or 10) doesn't really cost allot. (Adding new database servers on the other hand is a different matter) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc