Log file differentiation

Alexander Clouter alex at digriz.org.uk
Thu Sep 17 00:25:23 CEST 2009


Hi,

Nathan McDavit-Van Fleet <nmcdavit at alcor.concordia.ca> wrote:
> 
> Is there anyway to have Freeradius log whether a connection is either PEAP
> or TTLS in the log file? Both of them indicated that it is through a TLS
> tunnel with no indication of the differences. FYI they are coming through
> the same NAS server.
> 
As far as I know, only if the EAP part terminates on your RADIUS server, 
for use I use (on a EAP virtual server) something like:

update outer.control {
	EAP-Type := "%{EAP-Type}"
}

Then on the outside layer you should find in post-auth that 
'%{control:EAP-Type}' has what you are after.

It's harder to get the phase2 auth (also worth doing) out to the 
outer most post-auth section using a similar method, but possible.

Cheers

-- 
Alexander Clouter
.sigmonster says: boy, n:
                  	A noise with dirt on it.




More information about the Freeradius-Users mailing list