Question on logging EAP/PEAP authentication rejections
Josh Hiner
josh at remc1.org
Mon Mar 19 21:48:06 CET 2012
Along with enabling user_tunneled_reply=yes etc.. I am also updating the
outer tunnel with the inner tunnel username like this:
update outer.reply {
User-Name = "%{request:User-Name}"
}
in ./sites-enabled/inner-tunnel
Watching radius debug I can even see attr_filter.access_reject expand
User-Name because it uses it as its key.
I do have sql reject logging fine in other radius server setups. I read the
short doc here: http://freeradius.org/radiusd/doc/Post-Auth-Type and have
searched via google. Im sorry I just cannot figure this one out. I even see
attr_filter. I cannot get Freeradius to log the username in eap/peap login
rejects.
Thanks again.
-Josh
On Fri, Mar 16, 2012 at 4:55 PM, Josh Hiner <josh at remc1.org> wrote:
> Hello. Im running freeradius 2.1.6 and logging to /var/log/radius in
> file/detail format. Currently connection logging is working if the user
> authenticates correctly. I cant get access rejects to log though. Ive
> turned on reply detail but that is only showing successful attempts too.
>
> I have : use_tunneled_reply = yes and copy_request_to_tunnel = yes in
> eap.conf (need that to do group checking in the users file) but this does
> not seem to effect the issue of no rejected logins being logged. Searched
> this email list as well as online. Sorry to bother.
>
> Any info would be great. I appreciate your time. Thanks!!!
>
> -Josh
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120319/cfbbfa18/attachment.html>
More information about the Freeradius-Users
mailing list