Post-Auth-Type Accept vs Post-Auth-Type Reject 3.0.14

Alan DeKok aland at
Mon Jun 19 19:08:10 CEST 2017

On Jun 19, 2017, at 12:57 PM, Wussler, Doug <doug.wussler at> wrote:
> For a successful authentication, the log shows the Post-Auth routine executing
> BEFORE the log record expansion and output.

  *What* log record expansion and output?

  The server can log to multiple places...

>  This is handy because the
> Post-Auth routine sets some variables used by the log message (as set
> in radius.conf).

  Which variables are you referring to?

  Again, the server can do multiple things... so please describe what you mean.

  Saying "the server does stuff..." is not very descriptive.

> For an unsuccessful authentication, the log shows the Post-Auth-Type
> “Reject” executing AFTER the log record expansion and output, which seems
> inconsistent and prevents the setting of the variables used in the log.

  Again... vagueness is unhelpful.

> Is this a bug or correct behavior?  If it is correct behavior, what is the reason
> that we want Post-Auth to run BEFORE the log expansion but Post-Auth-Type
> Reject to run AFTER the log expansion?

  I'm not sure what you mean, and you didn't post a debug output to show what the server is doing, so I can't answer that question.

 Alan DeKok.

More information about the Freeradius-Users mailing list