Question on logging EAP/PEAP authentication rejections

Josh Hiner josh at remc1.org
Mon Mar 19 20:57:19 CET 2012


Ok I went back, looked at the config, and used some common sense to figure
part of it out. I have it now logging replies for rejects using the
reply_log section of ./modules/detail.log (I also enabled copy tunneled
reply to the outer tunnel in eap.conf). In the logged rejections I'm not
getting the user-name though. I tried disabling the
attr_filter.access_reject line in ./sites-enabled/default to see if the
attributes were getting filtered but that didn't do anything as I expected.
I know that Access-Reject logs are only supposed to have certain info (per
attr_filter.access_reject doc). Is there a way to modify the reply_log to
include the User-Name in the rejection or should I be using something other
than reply_log?

Thanks!
-Josh

On Fri, Mar 16, 2012 at 4:58 PM, Alan DeKok <aland at deployingradius.com> wrote:

> Josh Hiner wrote:
> > Hello. I'm running freeradius 2.1.6 and logging to /var/log/radius in
> > file/detail format. Currently connection logging is working if the user
> > authenticates correctly. I can't get access rejects to log though. I've
> > turned on reply detail but that is only showing successful attempts too.
>
>   Read raddb/sites-available/default.  Look for Post-Auth-Type Reject.
>
>  This is documented.
>
>  Alan DeKok.