different logs for different failures

Stefano Zanmarchi zanmarchi at gmail.com
Mon Nov 30 15:49:06 CET 2015


Hello,
we are allowing access only to users with correct password (obviously),
given that some conditions based on a sql query are met:

server eduroam-inner-tunnel {

authorize {
        preprocess
        rewrite.calling_station_id
        if ("%{sql:SELECT count(*) FROM ... WHERE ... AND condition1 AND condition2 AND condition3}" >= 1) {
            ok
            update control {
             Auth-Type := Accept
            }
        }
        else {
          reject
        }

        auth_log
        eap
        openldap
        mschap
}

authenticate {
        ntlm_auth
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

post-auth {
        if ( "%{outer.request:User-Name}" != "%{User-Name}" ){
                          reject
        }
        reply_log
        Post-Auth-Type REJECT {
                reply_log
        }
}
}


It's working fine, but the logs always show "Login incorrect", without
detailing what caused the failure:
Nov 30 15:28:50 radius1 freeradius[2248]: Login incorrect: [myuser at myorg.it]
(from client foobar.myorg.it port 0 cli F8450AEFD221)

I'd like to have something like:
Nov 30 15:28:51 radius1 freeradius[2248]: Condition1 not met: [
myuser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD221)
Nov 30 15:28:52 radius1 freeradius[2248]: Login incorrect: [
youruser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD222)
Nov 30 15:28:53 radius1 freeradius[2248]: Condition2 not met: [
hisuser at myorg.it] (from client foobar.myorg.it port 0 cli F8450AEFD223)

Is it possible to achieve this?
Thank you very much for your help,
Stefano
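
Added example, not part of the original message and not FreeRADIUS code: a small log classifier showing what distinct failure reasons make possible on the monitoring side, so that policy denials stop counting toward repeated-bad-password alerts. The "ConditionN not met" reasons are the format wished for in the post, not something FreeRADIUS emits by default; the sample lines, host names and station ids are constructed.

```python
import re
from collections import Counter

# Shape of the auth log lines shown in the post:
#   <ts> <host> freeradius[<pid>]: <reason>: [<user>] (from client <nas> port <n> cli <mac>)
# The user field is supplied by the client, so treat it as untrusted text.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) freeradius\[\d+\]: "
    r"(?P<reason>.+?): \[\s*(?P<user>[^\]]*?)\s*\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^\s)]+))?\)\s*$"
)
POLICY_RE = re.compile(r"^Condition\d+ not met$")  # hypothetical reason text from the post

def parse_line(line):
    """Return a dict of fields plus a 'category', or None if the line is not an auth result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    if POLICY_RE.match(rec["reason"]):
        rec["category"] = "policy"        # SQL condition failed, password never the issue
    elif rec["reason"].startswith("Login incorrect"):
        rec["category"] = "credential"    # also covers "Login incorrect (module: detail)"
    else:
        rec["category"] = "other"
    return rec

def summarize(lines):
    """Count lines per category; non-matching lines are counted as 'unparsed'."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        counts[rec["category"] if rec else "unparsed"] += 1
    return counts

def repeated_credential_failures(lines, threshold=3):
    """Calling stations with at least `threshold` credential failures (policy denials excluded)."""
    per_station = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["category"] == "credential":
            per_station[rec["cli"]] += 1
    return {cli for cli, n in per_station.items() if n >= threshold}

PFX = "radius1 freeradius[2248]:"  # constructed sample data below
SAMPLE = [
    f"Nov 30 15:28:50 {PFX} Login incorrect: [alice@example.org] (from client nas1.example.org port 0 cli F8450AEF0001)",
    f"Nov 30 15:28:51 {PFX} Condition1 not met: [bob@example.org] (from client nas1.example.org port 0 cli F8450AEF0002)",
    f"Nov 30 15:28:52 {PFX} Login incorrect: [alice@example.org] (from client nas1.example.org port 0 cli F8450AEF0001)",
    f"Nov 30 15:28:53 {PFX} Condition2 not met: [bob@example.org] (from client nas1.example.org port 0 cli F8450AEF0002)",
    f"Nov 30 15:28:54 {PFX} Login incorrect: [alice@example.org] (from client nas1.example.org port 0 cli F8450AEF0001)",
    f"Nov 30 15:28:55 {PFX} Ready to process requests",
]
```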

