Hi, I am using freeradiusd 2.0.2 I have edited config files, so radiusd.conf has: ---snip--- detail auth_log { detailfile = ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type} # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! # detailperm = 0600 # You may also strip out passwords completely suppress { User-Password } } ---snip--- and /etc/raddb/sites-available/default has: eap { ok = return } authorize { preprocess chap mschap suffix eap { ok = return } unix files ldap expiration logintime pap auth_log } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix Auth-Type LDAP { ldap } eap } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp attr_filter.accounting_response } session { radutmp } post-auth { Post-Auth-Type REJECT { attr_filter.access_reject } } pre-proxy { } post-proxy { eap } Now, I get files log as follows: -rw------- 1 radiusd radiusd 928 Oct 27 11:01 auth-detail-20081027_NAK -rw------- 1 radiusd radiusd 411 Oct 27 11:01 auth-detail-20081027_MS-CHAP-V2 -rw------- 1 radiusd radiusd 6757 Oct 27 11:10 auth-detail-20081027_Identity -rw------- 1 radiusd radiusd 1195 Oct 27 11:10 auth-detail-20081027_ But still, it says nothing if supplicant is using TTLS or PAP which is what I'd like to see as filenames suffixes. Am I missing something? Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
detail auth_log { detailfile = ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type} # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
..
But still, it says nothing if supplicant is using TTLS or PAP which is what I'd like to see as filenames suffixes. Am I missing something?
Try EAP-Type-TTLS and EAP-Type-PEAP instead of EAP-Type. Ivan Kalik Kalik Informatika ISP
2008/10/27 <tnt@kalik.net>:
detail auth_log { detailfile = ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type} # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
..
But still, it says nothing if supplicant is using TTLS or PAP which is what I'd like to see as filenames suffixes. Am I missing something?
Try EAP-Type-TTLS and EAP-Type-PEAP instead of EAP-Type.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry, but I don't understand, if I set ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_EAP-Type-TTLS always be appended with "_EAP-Type-TTLS" and if I set ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type-TTLS} won't work either. Am I doing something wrong? Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
2008/10/27 Sergio Belkin <sebelk@gmail.com>:
2008/10/27 <tnt@kalik.net>:
detail auth_log { detailfile = ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type} # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
..
But still, it says nothing if supplicant is using TTLS or PAP which is what I'd like to see as filenames suffixes. Am I missing something?
Try EAP-Type-TTLS and EAP-Type-PEAP instead of EAP-Type.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sorry, but I don't understand, if I set ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_EAP-Type-TTLS always be appended with "_EAP-Type-TTLS" and if I set ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type-TTLS} won't work either.
Am I doing something wrong?
Thanks in advance!
-- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
Well I came back to my earlier configuration: ---snip--- detail auth_log { detailfile = ${radacctdir}/requests/%{Client-IP-Address}/auth-detail-%Y%m%d_%{EAP-Type} # detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d # # This MUST be 0600, otherwise anyone can read # the users passwords! # detailperm = 0600 # You may also strip out passwords completely suppress { User-Password } } ---snip--- So far is the best I could do, I guess: auth-detail-20081029_MS-CHAP-V2 means PEAP try (?) auth-detail-20081029_NAK means unacceptable type auth-detail-20081029_Identity means TTLS (??) auth-detail-20081029_ means Access Accept (??) I'd like to read more about it... -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -
participants (2)
-
Sergio Belkin -
tnt@kalik.net