Hello,

 

When using EAP PEAP or TTLS, if I try to write the ‘%{Module-Failure-Message}’ in the post-auth section to SQL, the value is blank when the reason is incorrect password.

When using a non-tunnelled authentication protocol, it correctly displays ‘rlm_pap: CLEAR TEXT password check failed’

 

I think I know why this is happening,  because the rejection happens prior to the last message in the EAP sequence, so the value of the module-failure-message is no longer populated in the last message sent to the device, which is when the post-auth is done.

And I have read somewhere that using the caching feature can cache the value of the module-failure-message at the point of it happening, and then retrieve it when the post-auth is done.

 

But I can’t see to find any examples how to do this specifically using the cache feature.

Does anyone have a working example of this they would like to share with me please?

 

Thanks