linelog best practice

cedric delaunay cedric.delaunay at univ-rennes1.fr
Thu Feb 2 14:50:23 CET 2017


Hi,
As suggested by Alan :
enabled "correct_escapes = true" in radiusd.conf.
had to suppress some \\ in realm
Re-enable filter_username int sites-enable

That's ok.
About loggins reject cause :

in inner-tunnel :

     Post-Auth-Type REJECT {
...
         update outer.session-state {
             Module-Failure-Message := &request:Module-Failure-Message
         }

in linelog module called by site's Post-Auth-Type REJECT section :

reference = "messages.%{%{reply:Packet-Type}:-format}"
     messages {
...
Access-Reject = "{\"Datetime\":\"%t\",....\"Reject-Cause\":\"%{session-state:Module-Failure-Message}\",..."}"
}

I'm on the way ;)
not perfect because reject caused by ldap module still sent mschap 
reason but I spent enough time on it
thanks a lot for the help
Cédric



Le 01/02/2017 à 17:15, Matthew Newton a écrit :
> On Wed, Feb 01, 2017 at 05:11:44PM +0100, cedric delaunay wrote:
>> Nope, fresh config from 3.0.4
> I would diff that against a default config from 3.0.12. Lots has
> been fixed since then.
>
> Check "correct_escapes = true" is set in your radiusd.conf.
>
>> I took inspiration from old server but nothing had been copied as old server
> OK you've done the right thing; that's good to know.
>
> Thanks,
>
> Matthew
>
>
>


-- 
Cédric Delaunay			Direction des Systèmes d'Informations
Equipe Réseau & Telephonie	263, Avenue du Général Leclerc
Tel: 02 23 23 71 59		CS 74205 - 35042 Rennes Cedex

Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
http://ent.univ-rennes1.fr


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3610 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170202/fc8030ae/attachment-0001.bin>


More information about the Freeradius-Users mailing list