linelog best practice
cedric delaunay
cedric.delaunay at univ-rennes1.fr
Thu Feb 2 14:50:23 CET 2017
Hi,
As suggested by Alan :
enabled "correct_escapes = true" in radiusd.conf.
had to suppress some \\ in realm
Re-enable filter_username int sites-enable
That's ok.
About loggins reject cause :
in inner-tunnel :
Post-Auth-Type REJECT {
...
update outer.session-state {
Module-Failure-Message := &request:Module-Failure-Message
}
in linelog module called by site's Post-Auth-Type REJECT section :
reference = "messages.%{%{reply:Packet-Type}:-format}"
messages {
...
Access-Reject = "{\"Datetime\":\"%t\",....\"Reject-Cause\":\"%{session-state:Module-Failure-Message}\",..."}"
}
I'm on the way ;)
not perfect because reject caused by ldap module still sent mschap
reason but I spent enough time on it
thanks a lot for the help
Cédric
Le 01/02/2017 à 17:15, Matthew Newton a écrit :
> On Wed, Feb 01, 2017 at 05:11:44PM +0100, cedric delaunay wrote:
>> Nope, fresh config from 3.0.4
> I would diff that against a default config from 3.0.12. Lots has
> been fixed since then.
>
> Check "correct_escapes = true" is set in your radiusd.conf.
>
>> I took inspiration from old server but nothing had been copied as old server
> OK you've done the right thing; that's good to know.
>
> Thanks,
>
> Matthew
>
>
>
--
Cédric Delaunay Direction des Systèmes d'Informations
Equipe Réseau & Telephonie 263, Avenue du Général Leclerc
Tel: 02 23 23 71 59 CS 74205 - 35042 Rennes Cedex
Pour toute demande utiliser l'aide et assistance via l'ENT à l'adresse
http://ent.univ-rennes1.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3610 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170202/fc8030ae/attachment-0001.bin>
More information about the Freeradius-Users
mailing list