wrong password failures not logged
Stefano Zanmarchi
zanmarchi at gmail.com
Tue Apr 5 15:43:09 CEST 2016
Thank you very much for the tip, it's working fine.
Module-Failure-Message does the job, "mschap: MS-CHAP2-Response is
incorrect" gets now logged.
Just in case someone faces the same problem:
In the inner-tunnel:
Auth-Type EAP {
eap {
handled = 1
}
if (Module-Failure-Message) {
eap_problem
}
handled
}
With eap_problem defined at the end of .../mods-enabled/linelog:
linelog eap_problem {
filename = syslog
syslog_facility = daemon
format = "EAP problem, (%{Module-Failure-Message}) [%{User-Name}]
(from %{client:shortname} cli %{Calling-Station-Id})"
}
On Thu, Mar 31, 2016 at 10:49 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Mar 31, 2016, at 12:10 PM, Stefano Zanmarchi <zanmarchi at gmail.com>
> wrote:
> > I should have put my question in a more explicit but maybe less polite
> way.
> > Let me do it now.
>
> Technical content is what we're looking for.
>
> > Having read the debugging output, and having performed the same test with
> > freeradius 2 and freeradius 3, I have come to the conclusion that
> > freeradius 3 detects mschap failures but does not always log the event,
> > whereas freeradius 2 does. Why that?
>
> Arran's response explains this. But also.. you can run the server in
> debug mode to see what it does in v2, and what it does in v3. Compare them
> to see the differences.
>
> > Not having the failure event logged anymore is quite a nuisance because
> > when a user complains that the network isn't working I can't easily see
> > from the logs that it's just him typing the wrong password.
>
> I understand.
>
> > It'd be very useful if freeradius could log the "mschap: ERROR:
> > MS-CHAP2-Response is incorrect" in the logs even when not run in debug
> mode.
>
> It should generally log the failure of an inner-tunnel authentication.
> If it doesn't, that's probably an issue.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list