Module-Failure-Message when using PEAP or TTLS

Dean Goldhill dgoldhill at
Mon Dec 8 13:08:45 CET 2014


When using EAP PEAP or TTLS, if I try to write the '%{Module-Failure-Message}' in the post-auth section to SQL, the value is blank when the reason is incorrect password.
When using a non-tunnelled authentication protocol, it correctly displays 'rlm_pap: CLEAR TEXT password check failed'

I think I know why this is happening,  because the rejection happens prior to the last message in the EAP sequence, so the value of the module-failure-message is no longer populated in the last message sent to the device, which is when the post-auth is done.
And I have read somewhere that using the caching feature can cache the value of the module-failure-message at the point of it happening, and then retrieve it when the post-auth is done.

But I can't see to find any examples how to do this specifically using the cache feature.
Does anyone have a working example of this they would like to share with me please?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list