different logs for different failures
Stefano Zanmarchi
zanmarchi at gmail.com
Mon Nov 30 15:49:06 CET 2015
Hallo,
we are allowing access only to users with correct password (obviously),
given that some conditions based on a sql query are met:
server eduroam-inner-tunnel {
    authorize {
        preprocess
        rewrite.calling_station_id
        # Gate on the SQL conditions before the authentication modules run
        if ("%{sql:SELECT count(*) FROM ... WHERE ... AND condition1 AND condition2 AND condition3}" >= 1) {
            ok
            update control {
                Auth-Type := Accept
            }
        }
        else {
            reject
        }
        auth_log
        eap
        openldap
        mschap
    }
    authenticate {
        ntlm_auth
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }
    post-auth {
        # Inner-tunnel User-Name must match the outer User-Name
        if ( "%{outer.request:User-Name}" != "%{User-Name}" ){
            reject
        }
        reply_log
        Post-Auth-Type REJECT {
            reply_log
        }
    }
}
It's working fine, but the logs always show "Login incorrect", without
detailing what caused the failure:
Nov 30 15:28:50 radius1 freeradius[2248]: Login incorrect: [myuser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD221)
I'd like to have something like:
Nov 30 15:28:51 radius1 freeradius[2248]: Condition1 not met: [myuser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD221)
Nov 30 15:28:52 radius1 freeradius[2248]: Login incorrect: [youruser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD222)
Nov 30 15:28:53 radius1 freeradius[2248]: Condition2 not met: [hisuser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD223)
Is it possible to achieve this?
Thank you very much for your help,
Stefano
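
An added example, not part of the original message and not FreeRADIUS code: a Python parser for reject lines in the format quoted above, which separates password failures from policy-condition rejects and flags calling stations with repeated password failures. The sample lines are constructed, and reasons such as "Condition1 not met" are the wording the message asks for, assumed here rather than known server output; the threshold of 3 is also an assumption.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the message above.
SAMPLE_LOG = """\
Nov 30 15:28:51 radius1 freeradius[2248]: Condition1 not met: [myuser@myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD221)
Nov 30 15:28:52 radius1 freeradius[2248]: Login incorrect: [youruser@myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD222)
Nov 30 15:28:53 radius1 freeradius[2248]: Condition2 not met: [hisuser@myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD223)
Nov 30 15:28:55 radius1 freeradius[2248]: Login incorrect: [youruser@myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD222)
Nov 30 15:28:58 radius1 freeradius[2248]: Login incorrect: [otheruser@myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD222)
Nov 30 15:29:00 radius1 freeradius[2248]: Ready to process requests
"""

# "<syslog time> <host> freeradius[pid]: <reason>: [<user>] (from client <c> port <n> cli <mac>)"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sfreeradius\[\d+\]:\s"
    r"(?P<reason>[^:\[]+):\s\[(?P<user>[^\]]*)\]\s"
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^)\s]+))?\)\s*$"
)

PASSWORD_FAILURE = "Login incorrect"


def parse_rejects(text):
    """Return one dict per reject line; lines in any other format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def summarize(records, threshold=3):
    """Count rejects by reason, flag calling stations with repeated password
    failures, and list users rejected for a policy condition instead."""
    by_reason = Counter(r["reason"] for r in records)
    bad_pw = Counter(r["cli"] for r in records
                     if r["reason"] == PASSWORD_FAILURE and r["cli"])
    suspects = {cli: n for cli, n in bad_pw.items() if n >= threshold}
    policy = sorted({r["user"] for r in records if r["reason"] != PASSWORD_FAILURE})
    return by_reason, suspects, policy


if __name__ == "__main__":
    by_reason, suspects, policy = summarize(parse_rejects(SAMPLE_LOG))
    print(dict(by_reason), suspects, policy)
```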