Reporting from logs - patch

Alan DeKok aland at
Wed Sep 26 10:33:11 CEST 2012

Matthew Newton wrote:
> There are three small commits -

  It looks good.  Send a pull request and I'll add it in.

> I've tested it with successes and failures for PAP, EAP-TLS
> (check-eap-tls), PEAP and EAP-TTLS (inner-tunnel), and all work as
> expected.

  What about proxying the inner-tunnel stuff?  That probably still
works, too.

> The only thing I'm slightly unsure about is (1) - it seems to
> behave as expected, and seems the right place to put it, but I'm
> not 100%. On why rad_postauth was previously removed from
> rad_authenticate for rejects, my guess would be that there are so
> many places that rad_authenticate return for a reject, it would be
> called from several places. It's just tidier to do an if() and
> call it once after rad_authenticate has returned. rad_postauth is
> called immediately on failure, so reject_delay doesn't seem the
> right reason. But that's just my guess.

  I don't recall.  The server is getting a bit complicated.

  Part of the design goal of the new process.c state machine was to
simplify it.  I think I've been partially successful, but more work is

  Alan DeKok.

More information about the Freeradius-Devel mailing list