[Q] Access-Reject logging
Nicolas Baradakis
nbk at sitadelle.com
Thu Jun 30 18:37:29 CEST 2005
Andrey Panin wrote:
> > > I have rlm_perl module which performs some checks of Access-Request
> > > and if rlm_perl returns RLM_MODULE_REJECT freeradius sends Access-Reject,
> > > but this Access-Reject doesn't appear in detail log.
> > >
> > > is there any way to log Access-Reject's generated in authorize section ?
> >
> > See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
>
> Been here, done that. It doesn't help, looks like Access-Reject's generated
> during authorize phase are never passed to post_auth phase.
Indeed. I didn't read carefully enough, but you said the request was
rejected in 'authorize' phase, therefore neither 'authenticate' nor
'post-auth' phases will be run.
I think you could catch the reject in 'authorize' using a 'group' stanza.
authorize {
group {
my_perl {
ok = return
reject = 1
}
my_detail
}
}
--
Nicolas Baradakis
More information about the Freeradius-Users
mailing list