Module-Failure-Message when using PEAP or TTLS
Dean Goldhill
dgoldhill at netutils.com
Mon Dec 8 13:08:45 CET 2014
Hello,
When using EAP PEAP or TTLS, if I try to write the '%{Module-Failure-Message}' in the post-auth section to SQL, the value is blank when the reason is incorrect password.
When using a non-tunnelled authentication protocol, it correctly displays 'rlm_pap: CLEAR TEXT password check failed'
I think I know why this is happening, because the rejection happens prior to the last message in the EAP sequence, so the value of the module-failure-message is no longer populated in the last message sent to the device, which is when the post-auth is done.
And I have read somewhere that using the caching feature can cache the value of the module-failure-message at the point of it happening, and then retrieve it when the post-auth is done.
But I can't see to find any examples how to do this specifically using the cache feature.
Does anyone have a working example of this they would like to share with me please?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141208/e0ccaa4f/attachment.html>
More information about the Freeradius-Users
mailing list