How to log failed auth attempts?

[Todd R.]

>>>>
  Just... edit the queries.  Adding %{Module-Failure-Message} to the
queries should get you lots of that information.
>>>>

Am I suppose to put a Module name in place of "Module" or leave it as is? I
copied and pasted %{Module-Failure-Message} in place of
%{reply:Reply-Message} and I could no longer start FR.

I tried putting things in place of Module like pap, reply etc.. I also tried
the pap:Failure-Message format and so on. I guess I am just too Green at
FreeRadius to get what you are saying here. If you can help further then
it's appreciated, if you are just done with me, I also understand :)

Either way, happy holidays and thanks for the help so far.

Regards,
 Todd Routhier


-----Original Message-----
From:
freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.org
[mailto:freeradius-users-bounces+tjrlist=lightwavetech.com at lists.freeradius.
org] On Behalf Of Alan DeKok
Sent: Thursday, December 18, 2008 3:03 AM
To: FreeRadius users mailing list
Subject: Re: How to log failed auth attempts?

Todd R. wrote:
> I also noticed that it said that many things are logged when running
> "radiusd -X" which explains some other things.. 

  That's the reason for the continual instructions to run in debug mode.

> Right now, I have something like this logging on a failed attempt in the
> MySQL DB within the radpostauth table:
> 
> id, username, pass, reply, authdate
> 41, dude at somerealm.com, mypass, Access-Accept, 2008-12-17 13:09:15
> 
> 
> What I would like to see is something like this:
> id, username, pass, reply, reply-message, authdate
> 41, dude at somerealm.com, mybadpass, Access-Accept, Login incorrect
(rlm_pap:
> CLEAR TEXT password check failed), 2008-12-17 13:09:15

  Just... edit the queries.  Adding %{Module-Failure-Message} to the
queries should get you lots of that information.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html