Log final reply packet including any VSA's

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Feb 8 23:32:12 CET 2017


Hi,

>    Just wanted to check if their are any ways of logging the final reply
>    sent to NAS. By this I mean this bit from radiusd -X
> 
>    (10) Sent Access-Accept Id 10 from 172.21.8.201:1812 to
>    172.20.0.76:39604 length 0
>    (10)   Aruba-User-Role = "authenticated"
>    (10)   MS-MPPE-Recv-Key =
>    0xf2af9bba1de508511fa7ed2d41fdcef297593e51a2901c8d90e64889345c4190
>    (10)   MS-MPPE-Send-Key =
>    0xf522b78b422d7a5a23302b3370fce4a080e8cad27e83391f220645ca8f269f46
>    (10)   EAP-Message = 0x030a0004
>    (10)   Message-Authenticator = 0x00000000000000000000000000000000
>    (10) Finished request
> 
>    In this its sending back an Aruba VSA.
> 
>    I can get all of the above by doing %{reply:[*]} but it doesnt log the
>    actual VSA in it. Just checking if there is an easy way of doing. I
>    need both the name of the attribute and the actual attribute value
>    returned like its showing up on this debug.

sure - 'reply_log' - just enable it in the post-auth section of the virtual server,
read the detail.log module file for more info.

alan


More information about the Freeradius-Users mailing list