On 23/11/2021 12:41, Drew Weaver wrote:
We have a lot of devices so it would really be useful if FreeRADIUS could log what client the request comes from.
The RADIUS "client" is the NAS - this might not be what you want. There may be attributes such as Calling-Station-Id which are most appropriate, rather than what the "client" is.
Does anybody know how I can adjust it so that it says something like
1. Login incorrect (pap: Crypt digest does not match "known good" digest): [drew] (from client localhost port 0) from 192.168.55.2
You can alter it in radiusd.conf - see the log{} section, e.g. msg_goodpass and msg_badpass.
Where 192.168.55.2 is the IP address that sent the RADIUS auth request?
That is the NAS - which is probably not what you want. The NAS is already shown ("from client localhost"). But e.g. something like msg_badpass = "MAC:%{Calling-Station-ID}" might be a start. See the debug output for what attributes are available.
I believe that the information inside of the ( ) is sent from the device itself
No. You can see what comes from the NAS in the RADIUS attributes in the debug output - only some of that comes from the end device.
Any way to speed up the process of remediation is tremendously helpful.
Also take a look at the linelog module, it's a lot more flexible than the built-in auth logging. -- Matthew