Capturing Access-Reject data in the radpostauth table

Aaron Paetznick aaronp at
Tue Apr 27 23:20:12 CEST 2010

I've added a column to my radpostauth table and started collecting 
%{reply:Reply-Message} for each Access-Reject packet.  This is 
moderately useful, but it's not really what I want to do.

My intention is to capture some useful information as to why the user 
was rejected.  Ideally, I'd like to have access to the response message 
from the authentication module, or maybe even the last log messages 
generated by this session.

E.g., if the log message was:

Login incorrect (rlm_pap: CLEAR TEXT password check failed): [user/pass] 
(from client NAS port 0 cli callinginfo)

I'd consider capturing the whole thing, but I'd be happy with just the 
"rlm_pap: CLEAR TEXT password check failed" part.  Do I have access to 
that level of info from within rlm_sql?


More information about the Freeradius-Users mailing list