Mac Auth and post-auth logging to SQL
Alan DeKok
aland at deployingradius.com
Fri Mar 25 20:11:17 CET 2011
Jason Antman wrote:
> I'm running FreeRADIUS 2.1.7 on CentOS 5, and trying to configure MAC
> Auth Bypass. I got everything functioning correctly using the Mac-Auth
> Wiki page as a guide, including placement of the actual CSID
> authentication code in the post-auth section. However, I just enabled
> SQL in the post-auth section, and everything is getting logged to SQL
> with reply Access-Accept, even if it matched the "reject" statement.
I don't see how that is possible. Are you sure you know what it's
doing? Have you run the server in debugging mode?
> It seems to me that it's pretty logical that post-auth would be entered
> with Auth-Type == Access-Accept, the SQL log would happen, and *then*
> the "reject" statement would get executed
That makes no sense. "If it's accept, it runs reject" ?
>. What I don't understand is
> why I shouldn't move the actual authentication
> (authorized_macs.authorize) to the auth { } section, or else how I go
> about logging rejected requests.
I have no idea what that means.
Alan DeKok.
More information about the Freeradius-Users
mailing list