More information in the post auth?
I'm just about done converting to use freeradius exclusively, but have one more rather daunting task to get done. I need more information for failed logins. What variables are available that will tell me which check item failed and why? For example, if it's the password, how about access to the attempted password? "Chap-Password" doesn't cut it when dealing with most of our customers. We need to be able to see that the password field is blank because Windows XP decided to unsave it, or that they need to spell Jesus with a 'u' and not an 'a.' Any pointers to appropriate documentation would be greatly appreciated. Thanks, -- Troy Settle Pulaski Networks 866.477.5638 http://www.psknet.com
Troy Settle <troy@psknet.com> wrote:
What variables are available that will tell me which check item failed and why?
Debugging mode, and often not even that. What you're asking for is logging of *every* decision in the server, which is difficult & expensive.
For example, if it's the password, how about access to the attempted password? "Chap-Password" doesn't cut it when dealing with most of our customers. We need to be able to see that the password field is blank because Windows XP decided to unsave it, or that they need to spell Jesus with a 'u' and not an 'a.'
If the server prints CHAP-Password in a failure message, it's because the request has a CHAP password. That means there's NO WAY to know what the user entered, other than it didn't match the stored password. Alan DeKok.
participants (2)
-
Alan DeKok -
Troy Settle