On Thu, Jan 14, 2016 at 08:59:31AM +0100, Micha?? B wrote:
Imagine two different situations about denied clients:
1. Technician has set wrong login or password on authenticated device. I need messages in log, for debugging reason. 2. The user device has been blocked by administrator (no payment, or something like that). The device is trying to authenticate every second, filling radius logs with tons of unnecessary messages.
I want to get rid of messages coming from situations like 2, but still have messages from situations like 1.
I don't remove prohibited users from the authentication DB. I just set them to use IPs from a pool which NATs all web traffic to a webserver whose error document is a page explaining that they are not authorized to use the system for one of several possible reasons. They get a link to a customer portal where they can resolve the no payment situation and a phone number to call if they don't think they have a billing issue. It cuts way down on bad login attempts, and tends to lead to the resolution of the underlying issue. It's not a FreeRADIUS technical solution, but it could help to achieve your goal of smaller logs. -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org