post-auth section entered twice?
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 21 17:03:41 CEST 2008
>
> post-auth {
> # rejected requests
> Post-Auth-Type REJECT {
> log_reject
> }
>
> # accepted requests
> log_accept
> }
>
> But unfortunately, post-auth seems to be entered twice, and the log
> looks like this:
>
> 2008-05-21 15:18:51 REJECT radius.test
> 2008-05-21 15:19:44 ACCEPT radius.test
> 2008-05-21 15:19:44 ACCEPT radius.test
This is happening because the post-auth section is matched twice; once
for the "inner" EAP tunnelled request, and once for the final outer EAP.
> The freeradius version used is the current Debian stable package,
> 1.1.3-3, extended by self-compiled EAP modules compiled from source.
Upgrade to 2.0.4 and use the virtual server function; put your logging
section in the post-auth section of the inner tunnel only
More information about the Freeradius-Users
mailing list