new CVS version is a little quiet....
hi, recently upgraded a 2.0.4 CVS system to the 2.0.5 CVS and now the radius.log doesnt get populated with any OK or FAIL messages when users log in. config log{} section as per the standard distro and unchanged from the 2.0.4 - which logged these things auth = yes in the log{} section anyone else noted this? alan
A.L.M.Buxey@lboro.ac.uk wrote:
hi,
recently upgraded a 2.0.4 CVS system to the 2.0.5 CVS and now the radius.log doesnt get populated with any OK or FAIL messages when users log in.
config log{} section as per the standard distro and unchanged from the 2.0.4 - which logged these things
auth = yes in the log{} section
anyone else noted this?
Whilst looking at the CVS version the other day I noticed logging changes; you might do a source-compare to see the alterations.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A.L.M.Buxey@lboro.ac.uk wrote:
recently upgraded a 2.0.4 CVS system to the 2.0.5 CVS and now the radius.log doesnt get populated with any OK or FAIL messages when users log in.
Which messages?
config log{} section as per the standard distro and unchanged from the 2.0.4 - which logged these things
auth = yes in the log{} section
anyone else noted this?
I made some changes to make the code match the documented behavior. The default values for "auth_badpass" and "auth_goodpass" are "no", which *doesn't* log anything. When I tested it, I didn't see any logs when auth=yes, and good/badpass = no. Hence the changes. If you set good/badpass to "yes", you will see the log messages. Which messages specifically are you looking for? Alan DeKok.
Hi,
Which messages?
the old classic: Thu May 1 05:23:50 2008 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [nagios-2] (from client server1 port 0) Thu May 1 08:12:52 2008 : Auth: Login OK: [nagiostest] (from client amon port 0) Thu May 1 08:15:51 2008 : Auth: Login OK: [host/random-box.lboro.ac.uk] (from client Cisco-AP port 50013 cli 00-11-22-33-44-55 via TLS tunnel)
I made some changes to make the code match the documented behavior. The default values for "auth_badpass" and "auth_goodpass" are "no", which *doesn't* log anything.
ah. i think i see what you mean....and quick look at main/auth.c shows the the code now does if goodpass and the user asked to log good passwords then print if not a goodpass and the user asked to log not good passwords then print
When I tested it, I didn't see any logs when auth=yes, and good/badpass = no. Hence the changes. If you set good/badpass to "yes", you will see the log messages.
which is logical...but i think the wording and desciption of the behaviour is wrong in the config file then...i always thought that the goodpass and badpass would actually log the passwords themselves(!) - oh...but wait, it does!!! oh. thats not good. no, we need to have a safer logging....of just like it used to be - auth logging without the password printing. just print the username/stripped-user (config option) dont print the password if its good or bad. alan
A.L.M.Buxey@lboro.ac.uk wrote
which is logical...but i think the wording and desciption of the behaviour is wrong in the config file then...i always thought that the goodpass and badpass would actually log the passwords themselves(!) - oh...but wait, it does!!!
Maybe I just got confused.
oh. thats not good. no, we need to have a safer logging....of just like it used to be - auth logging without the password printing. just print the username/stripped-user (config option) dont print the password if its good or bad.
OK... I'll revert that change. My mistake. Alan DeKok.
hi, further to last message....users would choose to log the auths in radius.log but dont want to log good passwords or bad passwords... have submitted a 'bug' to handle the DIFF alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Phil Mayers