update to my fault because not RTFM first. I add another sql to the sql.conf sql sql_failed_reject { driver = "rlm_sql_mysql" server = "localhost" login = "xxx" password = "xxx" radius_db = "radius" postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "usergroup" nas_table = "nas" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" acct_table1 = "radacct" num_sql_socks = 3 connect_failure_retry_delay = 60 postauth_query = "INSERT into ${acct_table1} (radacctid, username, nasipaddress, nasportid, acctterminatecause, acctstarttime, acctstoptime, callingstationid, servicetype, framedprotocol, framedipaddress,acctauthentic) values ('', '%{User-Name}', '%{NAS-IP- Address}', '%{NAS-PORT}', '%{reply:Packet-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '% S', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '% {Framed-IP-Address}', '%{Acct-Authentic}')" } then I put sql_failed_reject to the postauth section in radiusd.conf post-auth { # Get an address from the IP Pool. # main_pool reply_log sql # sql_log # ldap Post-Auth-Type REJECT { #insert-module-name-here #sql sql_failed_reject } } modify dialup admin failed login page to check for Access Reject. that's it, now I can see failed user in dialup admin thanks for freeradius === On Wed, 2007-01-31 at 19:42 +0700, kemas wrote:
I have a small accounting problem with freeradius and dialup admin which I can't find a way to solve it.
I've set freeradius to authenticate EAP-TLS, I want to log people who failed to authenticate to mysql with rlm_sql, which will show in dialup admin failed login page.
I put in radiusd.con post-auth section the sql module: Post-Auth-Type REJECT { #insert-module-name-here sql }
the post-auth query in sql.conf: postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap- Password}', '%{reply:Packet-Type}', NOW())"
the sql query runs well, it put the failed login to the radpostauth table but the dialup admin failed login page is searching to the radacct table for the failed user which will never find it.
am I doing the right way to put the sql module inside the post-auth? or should I put it in other section?
I don't want to change the postauth_query but is there any way to add another query to put the data to radacct table?
thanks in advance
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html