On Jul 9, 2015, at 7:44 PM, timradius@ykwc.com wrote:
Hello, I am trying to log incorrect password attempts, and am having trouble.
I have log_auth_badpass enabled in my radiusd.conf file: log_auth = yes log_auth_badpass = yes
I am using eap-peap with mschapv2 for security
Which means it won't log the bad passwords. Because there's no password in the request.
Which just shows a '' being inserted into "pass", which is what I am seeing of course. Is there a flag I need to set to get this to work with my security settings
MS-CHAP doesn't contain a password. So the password can't be logged, because it doesn't exist.
What I am ultimately trying to do is find a way to get into an access point that has an incorrect secret, at this point I am completely locked out when the secret is incorrect.
You have to fix the shared secret. You can't break the security of the protocol. Re-image the AP, or throw it out, and buy a new one. Alan DeKok.