We've rolled out FreeRADIUS as the authentication and authorization server for our University-wide WLAN with 30,000+ users. Our help desk (general IT, not wireless-specific) support staff is made up of student workers, with full-time second-level support and us sysadmins/wireless engineers for third-level support. As we've rolled out WPA2 and the supplicants give no useful information about authentication failures to end-users, our help desk is being inundated with "help, I can't login" calls. We do auth logging to MySQL. Help desk staff are not given access to our authentication servers, so our current solution is to use lots of unlang config kludge in authorize{} to defer any notfound or reject module responses (configurable failover), then use if statements to check the actual return of the module. If it's a "bad" user (notfound, reject, etc.) we set a locally-defined string attribute (control:Reject-Reason) and then reject the user, and Post-Auth Type Reject logs to SQL including that string reason. Which is then accessible in a read-only web tool for the help desk. 1) How do other people - specifically organizations with a help desk large enough that they're distinctly separate from anyone with enough privs to tail a log file - handle user support of authentication failures? 2) This is proving problematic with users who have EAP misconfigurations, empty LDAP passwords, etc. that only manifest as a module failure and only show up in the log file. I've been considering patching the relevant modules to add/update an attribute on failure, since currently AFAIK this information is only available in the log file, and not anywhere that I can include in the SQL post-auth log. Has anyone else done anything similar? Or is more detailed module failure information accessible through something that I haven't been able to find in the docs? Thanks for any advice/insights, Jason -- Jason Antman System Administrator Rutgers University OIT Central Systems & Services / NetOps Office: 732-445-6363 Cell: 732-983-7256 jantman@oit.rutgers.edu