Logging ntlm authentication

Sion mleasd at gmail.com
Fri Sep 3 17:39:54 CEST 2010


On Fri, Sep 3, 2010 at 4:25 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Sion wrote:
>> That was one of the first things I did after reading the debug output
>> originally - I've got 'linelog' in the post-auth section of the
>> "inner-tunnel" in addition to the "default" virtual server.
>
>  The post-auth section of "inner-tunnel" isn't used, unfortunately.

Ahh ok, that explains it.

>
>> If I take
>> linelog completely out of the default virtual server so that it's only
>> defined in the post-auth of the inner-tunnel no log is generated at
>> all.
>
> $ man unlang
>
>  You can use the inner-tunnel config to update the outer attributes,
> and then log them in the outer virtual server.

This had actually crossed my mind but I had tried testing this in the
post-auth section as well.

What section should I do this in? Would something like this work?

update outer {
               MS-CHAP-Error = "%{reply:MS-CHAP-Error}"
}

>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list