Mac Auth and post-auth logging to SQL

Jason Antman jantman at
Fri Mar 25 18:17:39 CET 2011


I'm running FreeRADIUS 2.1.7 on CentOS 5, and trying to configure MAC 
Auth Bypass. I got everything functioning correctly using the Mac-Auth 
Wiki page as a guide, including placement of the actual CSID 
authentication code in the post-auth section. However, I just enabled 
SQL in the post-auth section, and everything is getting logged to SQL 
with reply Access-Accept, even if it matched the "reject" statement.

It seems to me that it's pretty logical that post-auth would be entered 
with Auth-Type == Access-Accept, the SQL log would happen, and *then* 
the "reject" statement would get executed. What I don't understand is 
why I shouldn't move the actual authentication 
(authorized_macs.authorize) to the auth { } section, or else how I go 
about logging rejected requests.

Any advice or guidance would be greatly appreciated.

Jason Antman

Jason Antman
System Administrator
Rutgers University
OIT Central Systems & Services / NetOps

Office: 732-445-6363
Cell: 732-983-7256
jantman at

More information about the Freeradius-Users mailing list