Cory Robson wrote:
Does anyone have a list of attributes I can log on failed attempts and the structure for the SQL statement.
No, because the list of attributes depends on what the NAS sends, and on your local configuration. Some modules add Module-Message, but not all do.
Eg %{reply:Reply-Message} quite often gives me "=5Cr=5CnYou are already logged in - access denied=5Cr=5Cn=5Cn" whereas I obviously only need the statement you are already logged in.
I assume that an attribute followed by :- means to place what follows in the event of no data provided.
Yes. See doc/variables.txt
Looking for lots of clarification here.
postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date, callingid) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Reply-Message}', NOW(), '%{Calling-Station-Id}')"
Failed authentications are logged to radius.log. See rad_authlog() in src/main/auth.c for what it logs, and what may be available. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog