Logging ntlm authentication

Garber, Neal Neal.Garber at iberdrolausa.com
Thu Nov 11 04:04:10 CET 2010

> Could you please summarize what you did to log the output from
> ntlm_auth and MS_CHAP-Error?  

Sure.  I should mention that other options are available now that didn't exist when I created the solution below...

I have a PERL script that runs during authorize that obtains user/group or machine/container permissions for the NAS in question from XML files to determine whether the entity is authorized and it creates a Log-Data reply attribute containing all non-sensitive request attributes.  This is then written to syslog during post-auth by another PERL script.  

Our help desk and others use a .Net application that I wrote to display/filter the data from the current or past log files in a grid control.  The log contains specifics of the request, authorization and authentication results/messages and reply attributes.
Does that answer your question?

More information about the Freeradius-Users mailing list