On Oct 30, 2019, at 4:02 PM, Boris Lytochkin <lytboris@yandex-team.ru> wrote:
post-auth { auth_log Post-Auth-Type REJECT { auth_log
That should work. But it does not for the "State" error - packet holding Access-Reject is not recorded via detail.
Hmm... it should be. Maybe the reject is coming from *inside* of the TLS tunnel? Though it shouldn't be.
Yep, the thing is that "State" message goes into radius log but Access-Reject packet is not being logged into auth_log. If you do not have any ideas why this happens I would go with further debugging via raddebug as we're unable to reproduce the issue in the lab environment.
I don't know why this happens, sorry.
pp/s. Is there a way to print packet identifier as it is sent over the wire into detailed log? I made a trivial patch for that seeing no documented way exist to do that: Not really. We can take a look at adding it. Before I make a pull request it would be nice to know if that patch is good enough or I should re-write it as an attribute to be usable anywhere?
I checked, uou can use %I to get the packet ID. Alan DeKok.