Logging ntlm authentication
Sion
mleasd at gmail.com
Fri Sep 3 13:53:01 CEST 2010
On Fri, Sep 3, 2010 at 11:47 AM, Alan DeKok <aland at deployingradius.com> wrote:
>
> Sion wrote:
> > I've got freeradius 2.1.7 setup on a CentOS system working as an AAA
> > server for our WPA Enterprise based wireless network with clients
> > successfully authenticating using PEAP and TTLS. Now to my question,
> > I've configured linelog to log certain attributes but I also want it to
> > log either the Exec-Program output of ntlm_auth or the peap reply value
> > for the MS-CHAP-Error attribute but so far I've been unsuccessful in
> > doing this. Is this possible? if so can anybody give me any pointers?
>
> You can't log the ntlm_auth output. If it's important for you, write
> a shell script wrapper around the problem.
>
> For MS-CHAP-Error, it's just an attribute. You can log it, just like
> any other attribute.
>
That's what I thought, but in my linelog log it shows it being empty.
I've tried putting 'linelog' in the post-auth sections of both the
default and inner-tunnel virtual servers but no joy. Am I missing
something obvious here?
If it helps, my linelog config is as follows
linelog {
    filename = ${logdir}/linelog
    format = "%S\t%{reply:Packet-Type}\t%{User-Name}\t%{Calling-Station-Id}\t%{Called-Station-Id}\t%{NAS-Identifier}\t%{Packet-Src-IP-Address}\t%{reply:Reply-Message}\t%{MS-CHAP-Error}\t%{reply:Tunnel-Type} %{reply:Tunnel-Private-Group-Id}"
}
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
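
The shell script wrapper suggested in the reply above could look like the following; this is an added example, not code from the thread or from the FreeRADIUS project. It passes ntlm_auth's output and exit status back to the caller unchanged and logs only the user name, the status and a redacted result, so that the challenge, the NT response and the NT_KEY never reach the log file. The variables NTLM_AUTH_BIN and NTLM_AUTH_LOG, the function name and the log path are assumptions of this example.

```shell
#!/bin/sh
# Wrapper around ntlm_auth (added example; names and paths are assumptions).
NTLM_AUTH_BIN="${NTLM_AUTH_BIN:-/usr/bin/ntlm_auth}"
NTLM_AUTH_LOG="${NTLM_AUTH_LOG:-/var/log/radius/ntlm_auth.log}"

ntlm_auth_logged() {
    # Pick the user name out of the arguments; everything else
    # (--challenge=..., --nt-response=...) is deliberately not logged.
    user="-"
    for arg in "$@"; do
        case "$arg" in
            --username=*) user="${arg#--username=}" ;;
        esac
    done

    # Run the real program, keeping its output and exit status.
    out=$("$NTLM_AUTH_BIN" "$@" 2>&1) && rc=0 || rc=$?

    # Redact the session key and flatten the output to a single line.
    safe=$(printf '%s' "$out" \
        | sed 's/^NT_KEY: .*/NT_KEY: [redacted]/' | tr '\n\t' '  ')
    # Strip control characters so a crafted user name cannot forge log lines.
    user=$(printf '%s' "$user" | tr -d '\n\r\t')
    printf '%s\t%s\trc=%s\t%s\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$user" "$rc" "$safe" \
        >> "$NTLM_AUTH_LOG"

    # Hand the original output and status back to the caller.
    printf '%s\n' "$out"
    return "$rc"
}

# Act as a drop-in replacement when invoked with ntlm_auth's arguments.
if [ "$#" -gt 0 ]; then
    ntlm_auth_logged "$@"
    exit $?
fi
```

Point the ntlm_auth path that the server executes at this script and keep the log file readable only by the account the RADIUS server runs as.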