Well that did not work. That is what I was trying to look at the C file. If needed I can paste my whole config if needed, but here is that one section of the config: suppress { User-Password } Here is output form radius debug: rad_recv: Access-Request packet from host 198.111.224.36:32798, id=106, length=138 User-Name = "simple" User-Password = "abc123" NAS-IP-Address = 198.111.224.36 Service-Type = Login-User Framed-IP-Address = 141.213.227.94 Called-Station-Id = "00:07:E9:D1:8F:C2" Calling-Station-Id = "" NAS-Identifier = "wg-lab1100.ilab" Acct-Session-Id = "00:07:E9:D1:8F:C2:1151002507" NAS-Port-Type = Wireless-802.11 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/198.111.224.36/auth-detail-20060622' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/198.111.224.36/auth-detail-20060622 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_realm: No '@' in User-Name = "simple", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "simple" rlm_realm: Proxying request from user simple to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry simple at line 77 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [simple/abc123] (from client wg-lab1100.ilab port 0 cli ) Sending Access-Accept of id 106 to 198.111.224.36 port 32798 Finished request 0 Am I misinterpreting what tihs does or missing something?
Date: Thu, 22 Jun 2006 19:09:22 +0200 From: Stefan Winter <stefan.winter@restena.lu> Subject: Re: So how do you suppress To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <200606221909.22270.stefan.winter@restena.lu> Content-Type: text/plain; charset="iso-8859-1"
Hi,
So how do I actually suppress the user password from the detail log based on this? Looking at the rlm_detail file and I might as well be looking at a foreign language.
I don't use this directive, so I might be wrong but my guess is: you don't need to look at the source of rlm_detail (which is indeed written in a foreign language, it's called "C") but have to add this directive in radiusd.conf, in the instances of detail ... { ... suppress }
If that doesn't do it, it was wrong. Then you would need to wait for someone with more knowledge in this list to clear things up.
Greetings,
Stefan Winter
-- Stefan WINTER
Fondation RESTENA - R�seau T�l�informatique de l'Education Nationale et de la Recherche - Ing�nieur de recherche
6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
-- Walter Reynolds University of Michigan
Walter Reynolds <waltr@umich.edu> wrote:
If needed I can paste my whole config if needed, but here is that one section of the config: ...
OK... You're telling it to *not* write the User-Password to the detail file.
Here is output form radius debug: ...
A normal Access-Request.
Am I misinterpreting what tihs does or missing something?
Since you've been careful to not explain what you think it's supposed to do, I'll guess. You're surprised that the DEBUG LOG contains User-Password when you said to not write it to the DETAIL FILE. Now go back and read that sentence again. Think hard. From the debug log again:
/usr/local/var/log/radius/radacct/198.111.224.36/auth-detail-20060622
Hmm.. maybe you want to go read that file, to see if it contains User-Password. Odds are it doesn, in fact, because you suppressed User-Password in the normal "detail" module, and not in the "auth_log" module. Alan DeKok.
participants (2)
-
Alan DeKok -
Walter Reynolds