[Q] Access-Reject logging

Nicolas Baradakis nbk at sitadelle.com
Thu Jun 30 18:37:29 CEST 2005


Andrey Panin wrote:

> > > I have rlm_perl module which performs some checks of Access-Request
> > > and if rlm_perl returns RLM_MODULE_REJECT freeradius sends Access-Reject,
> > > but this Access-Reject doesn't appear in detail log.
> > > 
> > > is there any way to log Access-Reject's generated in authorize section ?
> > 
> > See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
> 
> Been here, done that. It doesn't help, looks like Access-Reject's generated
> during authorize phase are never passed to post_auth phase.

Indeed. I didn't read carefully enough, but you said the request was
rejected in 'authorize' phase, therefore neither 'authenticate' nor
'post-auth' phases will be run.

I think you could catch the reject in 'authorize' using a 'group' stanza.

authorize {
	group {
		my_perl {
			ok = return
			reject = 1
		}
		my_detail
	}
}

-- 
Nicolas Baradakis




More information about the Freeradius-Users mailing list