Logging when radius is live

Poltorak, Paul (CT DD DS EVO O BFD TM&ISEC 1) Paul.Poltorak at evosoft.com
Tue Nov 29 11:39:56 CET 2016

Hi all,

Question about logging.
At development time normally we use radiusd -X to have an idea which module fail and see the exact error message.
What about if radius is live how should I found out if a client cannot access?
Best way it will be to check a log and see what's happened or not.

I've tried with sql but at radpostauth table there only id, username, pass, reply, authdate.
I've expanded to see vlan assignment but ok always expand sql table and the querie takes time so I switched to
module linelog for testing.

At Accept now get same as at sql logging with reply vlan.
Access-Accept = "%t: Accepted user: %{User-Name}        MAC: %{Calling-Station-Id}      VLAN: %{reply:Tunnel-Private-Group-Id}"

But if reject I would like to see
User-Name (computer), MAC and which module fail and why

Access-Reject = "%t: Rejected user: %{User-Name}        MAC: %{Calling-Station-Id}     module and error message "
Is there a possibility?

Or how did you check afterward if a client cannot access?

Best Regards,

More information about the Freeradius-Users mailing list