mac authentication, log rejected device in radius.log
John Douglass
john.douglass at oit.gatech.edu
Fri Oct 18 17:23:54 CEST 2013
On 10/18/2013 11:00 AM, Alan DeKok wrote:
> Bertalan Voros wrote:
>> I have one question, I would like to log a message in radius.log when a
>> device is rejected based on its mac address.
>> I would like to put a message saying that the device was unauthorised
>> and the Calling-Station-Id into the radius.log logfile.
> See the radiusd.conf, the "log" subsection. There are limited
> possibilities for customizing the log messages.
>
> Alan DeKok.
I use a modified module for syslog based off "exec" for this type of
thing (on a UNIX system):
exec syslog-portauth {
	wait = no
	program = "/usr/bin/logger -p local3.info -t portauth switch %{NAS-IP-Address} port %{NAS-Port-Id} %{NAS-Port} - User %{sql_start2: select determineUserFromMac('%{User-Name}')} on MAC %{User-Name} assigned to %{reply:Tunnel-Private-Group-Id}"
	input_pairs = request
	packet_type = Access-Accept
	shell_escape = no
}
Granted, you might need to execute this on an Access-Reject but you can
log anything you want with that. I even grab some values from my
database (MySQL functions actually) to include in the log line.
- JohnD
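
Added example (not part of the post above and not from the FreeRADIUS distribution): the same exec/logger approach bound to Access-Reject and called from Post-Auth-Type REJECT, so a rejected MAC is logged together with its Calling-Station-Id. The instance name syslog-macreject, the macauth tag and the local3.notice priority are assumptions; the message goes to syslog through logger, as in the post.

```conf
# Added example. The instance name, syslog tag and priority are assumptions.

# Module definition (modules section of the server configuration):
exec syslog-macreject {
	# Do not hold up the reply while logger runs.
	wait = no
	# Calling-Station-Id carries the MAC address of the rejected device.
	program = "/usr/bin/logger -p local3.notice -t macauth Unauthorised device %{Calling-Station-Id} rejected on switch %{NAS-IP-Address} port %{NAS-Port}"
	input_pairs = request
	# Only run when the packet being sent back is an Access-Reject.
	packet_type = Access-Reject
}

# Virtual server: call the instance only on the reject path.
post-auth {
	Post-Auth-Type REJECT {
		syslog-macreject
	}
}
```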