Post-Auth-Type Accept vs Post-Auth-Type Reject 3.0.14
Alan DeKok
aland at deployingradius.com
Mon Jun 19 19:08:10 CEST 2017
On Jun 19, 2017, at 12:57 PM, Wussler, Doug <doug.wussler at fsu.edu> wrote:
>
> For a successful authentication, the log shows the Post-Auth routine executing
> BEFORE the log record expansion and output.
*What* log record expansion and output?
The server can log to multiple places...
> This is handy because the
> Post-Auth routine sets some variables used by the log message (as set
> in radius.conf).
Which variables are you referring to?
Again, the server can do multiple things... so please describe what you mean.
Saying "the server does stuff..." is not very descriptive.
> For an unsuccessful authentication, the log shows the Post-Auth-Type
> “Reject” executing AFTER the log record expansion and output, which seems
> inconsistent and prevents the setting of the variables used in the log.
Again... vagueness is unhelpful.
> Is this a bug or correct behavior? If it is correct behavior, what is the reason
> that we want Post-Auth to run BEFORE the log expansion but Post-Auth-Type
> Reject to run AFTER the log expansion?
I'm not sure what you mean, and you didn't post a debug output to show what the server is doing, so I can't answer that question.
Alan DeKok.
More information about the Freeradius-Users
mailing list