SQL insert on TLS failure

Dean Goldhill dgoldhill at netutils.com
Wed Dec 3 11:00:52 CET 2014


Thanks very much. Works perfectly.



-----Original Message-----
From: freeradius-users-bounces+dgoldhill=netutils.com at lists.freeradius.org [mailto:freeradius-users-bounces+dgoldhill=netutils.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 01 December 2014 18:32
To: FreeRadius users mailing list
Subject: Re: SQL insert on TLS failure


On Dec 1, 2014, at 7:22 AM, Dean Goldhill <dgoldhill at netutils.com> wrote:
> I want to write a record to the MySQL database when a client sends a TLS close notification.
> So when a laptop is not properly configured to trust our CA, the client sends a TLS close notification.
> And in the log we see something like: "Auth: Login incorrect (TLS Alert read:warning:close notify):"

  The "TLS Alert..." message is contained in the Module-Failure-Message attribute.

> I know why this is happening, but I just want to write an entry to the database so we have a record of which users are failing because of this reason.
> Is it possible to do this?

  Yes.  Configure "sql" in the "Post-Auth-Type Reject" section.  Then, edit the "postauth_query" (2.x) to include %{Module-Failure-Message}

  Alan DeKok.
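
A sketch of the 2.x configuration described in the reply above, added here as an illustration; it is not taken from the thread or from the FreeRADIUS distribution. The `failure_message` column and the `ALTER TABLE` statement are assumptions, the file paths are the usual 2.x locations, and the other columns are modelled on the default 2.x MySQL query, so check them against your own files.

```conf
# --- raddb/sites-available/default (usual 2.x location) ---
# Run the sql module for rejected requests, so that postauth_query
# is executed when authentication fails (including TLS alerts).
post-auth {
	# ... existing entries for accepted requests stay as they are ...

	Post-Auth-Type REJECT {
		sql
	}
}

# --- raddb/sql/mysql/dialup.conf (usual 2.x location) ---
# Assumed schema change, run once in MySQL before reloading the server.
# The column name "failure_message" is hypothetical:
#
#   ALTER TABLE radpostauth ADD COLUMN failure_message VARCHAR(253) DEFAULT NULL;
#
# %{Module-Failure-Message} expands to text such as
# "TLS Alert read:warning:close notify" on the failures discussed above,
# and to an empty string when no module recorded a failure.
postauth_query = "INSERT INTO ${postauth_table} \
                  (username, pass, reply, authdate, failure_message) \
                  VALUES ( \
                  '%{User-Name}', \
                  '%{%{User-Password}:-%{Chap-Password}}', \
                  '%{reply:Packet-Type}', \
                  '%S', \
                  '%{Module-Failure-Message}')"
```

With this in place, the affected users can be listed with a query on `radpostauth` that filters `failure_message` for the TLS alert text.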
