EAP logging

Martin Kraus lists_mk at wujiman.net
Thu Aug 29 01:14:11 CEST 2013


On Thu, Aug 29, 2013 at 10:39:50AM +1200, Andrej wrote:
> On 28 August 2013 18:49, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Thanks Alan,
> 
> > Your reference is wrong/unknown which means that there's a noop. This means
> > no operation which means no fticks output
> 
> This brings me back to my earlier question: what values are available
> where, and when,
> via which mechanism?
> 
> I think I still don't fully understand how modules hang together, how
> I pass information
> from e.g. an EAP request into line-log, or, looking at
> sites-enabled/eap-inner-tunnel, how
> I tell f_ticks (or linelog, or any other modules for that matter)
> which values I'd like to work
> with.

Everything becomes an attribute or a variable and the definitions are mostly
at /usr/share/freeradius/dictionary.freeradius.internal and you can also
define your own attributes in /etc/freeradius/dictionary. I use this to get 
time in a format similar to syslog by having a variable My-Local-Time and
calling an exec module with date command and assigning the result to this
variable which I can then reference in my linelog.

the only way I found how to get what I need is to define a linelog, write
there the variables I hope will have what I'm looking for and call that
linelog from some part of the server configuration and just run my clients
against it and see what happens.

for the username you can use outer.request:User-Name in the inner-tunnel which
should reference the outer tunnel User-Name. User-Name in the inner-tunnel
should be the inner EAP username. Also the attribute named
Inner-Tunnel-User-Name might have the inner EAP username but that might be
defined only in the post-auth section of the default server.

mk


More information about the Freeradius-Users mailing list