Trouble Logging bad passwords
Alan DeKok
aland at deployingradius.com
Fri Jul 10 02:42:56 CEST 2015
On Jul 9, 2015, at 7:44 PM, timradius at ykwc.com wrote:
> Hello, I am trying to log incorrect password attempts, and am having trouble.
>
> I have log_auth_badpass enabled in my radiusd.conf file:
> log_auth = yes
> log_auth_badpass = yes
>
> I am using eap-peap with mschapv2 for security.
Which means it won't log the bad passwords. Because there's no password in the request.
> Which just shows a '' being inserted into "pass", which is what I am seeing of course. Is there a flag I need to set to get this to work with my security settings?
MS-CHAP doesn't contain a password. So the password can't be logged, because it doesn't exist.
> What I am ultimately trying to do is find a way to get into an access point that has an incorrect secret. At this point I am completely locked out when the secret is incorrect.
You have to fix the shared secret. You can't break the security of the protocol.
Re-image the AP, or throw it out, and buy a new one.
Alan DeKok.