Logging ntlm authentication

Sion mleasd at gmail.com
Fri Sep 3 13:53:01 CEST 2010

On Fri, Sep 3, 2010 at 11:47 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Sion wrote:
> > I've got freeradius 2.1.7 setup on a CentOS system working as an AAA
> > server for our WPA Enterprise based wireless network with clients
> > successfully authenticating using PEAP and TTLS. Now to my question,
> > I've configured linelog to log certain attributes but I also want it to
> > log either the Exec-Program output of ntlm_auth or the peap reply value
> > for the MS-CHAP-Error attribute but so far I've been unsuccessful in
> > doing this. Is this possible? if so can anybody give me any pointers?
>  You can't log the ntlm_auth output.  If it's important for you, write
> a shell script wrapper around the problem.
>  For MS-CHAP-Error, it's just an attribute.  You can log it, just like
> any other attribute.

That's what I thought, but it my linelog log it shows it being empty.
I've tried putting 'linelog' in the post-auth sections of both the
default and inner-tunnel virtual servers but no joy. Am I missing
something obvious here?

If it helps, my linelog config is as follows

linelog {
        filename = ${logdir}/linelog
        format =

>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list