SQL Logging

Kristoffer Milligan kristoffer at nextnet.no
Fri Jan 28 09:55:16 CET 2011


Hello again,

I'm still fighting my little battle in copying attributes from the inner 
to the outer tunnel etc. I have now gotten as far that logging 
access-accepts is working as I want, but I'm now struggling logging 
access-rejects. Here's my SQL from dialup.conf:

         postauth_query = "INSERT INTO ${postauth_table}                   \
                 (username, pass, reply, authdate) 
VALUES                     \
                 ('%{reply:SQL-User-Name}', 
'%{reply:Packet-Type}',               \
                 '%{reply:Calling-Station-Id}', '%S');"

 From a rejected session, I get this:

Fri Jan 28 09:48:05 2011 : Info: (5) [ttls] Got tunneled reply code 3
     Filter-Id = "OBFUSCATED"
     SQL-User-Name = "OBFUSCATED"
     Calling-Station-Id = "OBFUSCATED"
     MS-CHAP-Error = "\226E=691 R=1"
....
Fri Jan 28 09:48:05 2011 : Info: (5) +- entering group REJECT {...}
Fri Jan 28 09:48:05 2011 : Info: (5) [sql]     expand: 
%{Stripped-User-Name} -> {am=1}OBFUSCATED
Fri Jan 28 09:48:05 2011 : Info: (5) [sql]     expand: 
%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> {am=1}OBFUSCATED
Fri Jan 28 09:48:05 2011 : Info: (5) [sql] sql_set_user escaped user --> 
'{am=1}OBFUSCATED'
Fri Jan 28 09:48:05 2011 : Info: (5) [sql]     expand: INSERT INTO 
radpostauth                               (username, pass, reply, 
authdate) VALUES                                 
('%{reply:SQL-User-Name}', '%{reply:Packet-Type}',                       
     '%{reply:Calling-Station-Id}', '%S'); -> INSERT INTO 
radpostauth                               (username, pass, reply, 
authdate) VALUES                                 ('', 
'Access-Reject',                           '', '2011-01-28 09:48:05');
Fri Jan 28 09:48:05 2011 : Debug: rlm_sql (sql) in sql_postauth: query 
is INSERT INTO radpostauth                               (username, 
pass, reply, authdate) VALUES                                 ('', 
'Access-Reject',                           '', '2011-01-28 09:48:05');

 From an accepted session, everything works fine and the SQL-User-Name 
and Calling-Station-Id are logged as expected. How come the attributes 
are empty, even though they are in the reply, only when an access-reject 
is given?

- Kristoffer



More information about the Freeradius-Users mailing list