Capturing Access-Reject data in the radpostauth table

Alan DeKok aland at
Wed Apr 28 22:23:55 CEST 2010

Aaron Paetznick wrote:
> Huh.  Here's my complete SQL query:
>         postauth_query = "INSERT INTO ${postauth_table} \
>                           (username, pass, reply, authdate, message,
> nasipaddress) \
>                           VALUES ( \
>                           '%{User-Name}', \
>                           '%{%{User-Password}:-%{Chap-Password}}', \
>                           '%{reply:Packet-Type}', '%S', \
>                           '%{Module-Failure-Message}', \

  Uh... did you update your schema to have a "message" colummn?

>                           '%{NAS-IP-Address}')"
> I did not add this yet:
> post-auth {
>     ...
>     update reply {
>         Reply-Message += "You got: %{Module-Failure-Message}"
>     }
>     ...
> }

  I said that was for testing.  Did you try it for testing?

  It's an example of using the attribute... you *will* need to make sure
you use it in the appropriate manner for what you want.

  See "man unlang" for documentation on what the aboce example does.
Hint:  it doesn't have anything to do with SQL.

> Do I need that entry in the post-auth block?  %{Module-Failure-Message}
> doesn't seem to be available by default in rlm_sql.

  I have no idea what this means.

  Module-Failure-Message is an attribute... just like anything else.  If
you can figure out out to store attributes into SQL, you can store
Module-Failure-Message in SQL.

  Alan DeKok.

More information about the Freeradius-Users mailing list