Best practices for logging in production environment?

Matthew Newton mcn4 at
Fri Mar 27 00:42:45 CET 2015

On Thu, Mar 26, 2015 at 07:24:24PM -0400, Mohamed Lrhazi wrote:
> I see that if run with -X, I see this log:
> (23)  } #  authenticate = invalid
> (23) Failed to authenticate the user.
> (23) Login incorrect (eap: Failed continuing EAP PEAP (25) session. EAP
> sub-module failed): [ml623] (from client gu_net_141_161 port 0 cli
> 02-00-00-00-00-01)
> (23) Using Post-Auth-Type Reject
> (23) # Executing group from file /etc/freeradius/sites-enabled/default

If you're logging that in the default (outer) server, try logging
it from the inner-tunnel post-auth, just after you've done the
actual authentication?

If that comes up with what you're after, you can use unlang to
copy the Module-Failure-Message to the outer request for logging
there if you prefer.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list