Post-Auth-Type Accept vs Post-Auth-Type Reject 3.0.14
I’m using 3.0.14. For a successful authentication, the log shows the Post-Auth routine executing BEFORE the log record expansion and output. This is handy because the Post-Auth routine sets some variables used by the log message (as set in radius.conf). For an unsuccessful authentication, the log shows the Post-Auth-Type “Reject” executing AFTER the log record expansion and output, which seems inconsistent and prevents the setting of the variables used in the log. Is this a bug or correct behavior? If it is correct behavior, what is the reason that we want Post-Auth to run BEFORE the log expansion but Post-Auth-Type Reject to run AFTER the log expansion? Doug Wussler Florida State University
On Jun 19, 2017, at 12:57 PM, Wussler, Doug <doug.wussler@fsu.edu> wrote:
For a successful authentication, the log shows the Post-Auth routine executing BEFORE the log record expansion and output.
*What* log record expansion and output? The server can log to multiple places...
This is handy because the Post-Auth routine sets some variables used by the log message (as set in radius.conf).
Which variables are you referring to? Again, the server can do multiple things... so please describe what you mean. Saying "the server does stuff..." is not very descriptive.
For an unsuccessful authentication, the log shows the Post-Auth-Type “Reject” executing AFTER the log record expansion and output, which seems inconsistent and prevents the setting of the variables used in the log.
Again... vagueness is unhelpful.
Is this a bug or correct behavior? If it is correct behavior, what is the reason that we want Post-Auth to run BEFORE the log expansion but Post-Auth-Type Reject to run AFTER the log expansion?
I'm not sure what you mean, and you didn't post a debug output to show what the server is doing, so I can't answer that question. Alan DeKok.
participants (2)
-
Alan DeKok -
Wussler, Doug