log failed logins

Cory Robson cory at cmi.net.au
Wed Jan 24 02:36:09 CET 2007

I have the following sql in my sql conf file and this is working.

My only gripe is if there is no info provided then what gets placed in the
log. It appears in the case of User-Password that a default of Chap-Password
is entered as per below.

Does anyone have a list of attributes I can log on failed attempts and the
structure for the SQL statement.

Eg %{reply:Reply-Message} quite often gives me "=5Cr=5CnYou are already
logged in - access denied=5Cr=5Cn=5Cn" whereas I obviously only need the
statement you are already logged in.

I assume that an attribute followed by :- means to place what follows in the
event of no data provided.

Looking for lots of clarification here.

postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply,
date, callingid) values ('', '%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Reply-Message}', NOW(),



More information about the Freeradius-Users mailing list