Logging ntlm authentication

Garber, Neal Neal.Garber at iberdrolausa.com
Wed Sep 8 23:02:29 CEST 2010

> Hmm... OK.  The issue appears to be that the tunneled reply is saved
> for Access-Accept, but not Access-Reject.
> See "accept_vps" in rlm_eap_peap/*.  Something similar needs to be
> done for reject, and for TTLS.

You are a gentleman and a scholar!  I have made the changes as you suggested for PEAP and tested PEAP-MSCHAPv2.  It works!  I am now able to log the output from ntlm_auth and MS-CHAP-Error.  I'm also excited about the improved TLS logging in 2.1.10.

I will add the code for TTLS now.  Unfortunately, I don't have a way to test that as I don't believe eapol_test supports TTLS and we don't use it.  I suppose someone else can test it once I upload the patch (which I will do after I make the TTLS changes).

Thanks again Alan.

More information about the Freeradius-Users mailing list