How to log failed auth attempts?

Alan DeKok aland at
Thu Dec 18 10:03:20 CET 2008

Todd R. wrote:
> I also noticed that it said that many things are logged when running
> "radiusd -X" which explains some other things.. 

  That's the reason for the continual instructions to run in debug mode.

> Right now, I have something like this logging on a failed attempt in the
> MySQL DB within the radpostauth table:
> id, username, pass, reply, authdate
> 41, dude at, mypass, Access-Accept, 2008-12-17 13:09:15
> What I would like to see is something like this:
> id, username, pass, reply, reply-message, authdate
> 41, dude at, mybadpass, Access-Accept, Login incorrect (rlm_pap:
> CLEAR TEXT password check failed), 2008-12-17 13:09:15

  Just... edit the queries.  Adding %{Module-Failure-Message} to the
queries should get you lots of that information.

  Alan DeKok.

More information about the Freeradius-Users mailing list