Do-Over: Post-Auth-Type Accept vs Post-Auth-Type Reject 3.0.14
Matthew Newton
matthew at newtoncomputing.co.uk
Tue Jun 20 17:14:12 CEST 2017
On Tue, Jun 20, 2017 at 02:30:06PM +0000, Wussler, Doug wrote:
> In “radiusd.conf” the “log {}” section defines radius log
> processing. In particular, “msg_goodpass” and “msg_badpass”
> allow you to add arbitrary info to your log records through the
> expansion of custom variables. Our config looks like this:
>
> log {
> destination = files
> file = ${logdir}/radius.log
> auth = yes
> msg_goodpass = "%{SSID} %{Aruba-Location-Id} %{Aruba-AP-Group} %{Aruba-Device-Type} %{reply:VLAN}"
> msg_badpass = "%{SSID} %{Aruba-Location-Id} %{Aruba-AP-Group} %{Aruba-Device-Type}"
> }
Not directly answering your question, but I would forget about
using the log{} section to do this, and configure and use the
linelog module instead. That's the recommended way of doing this.
> Is there some reason why we would want Post-Auth Accept to run
> BEFORE log processing but Post-Auth-Type Reject to run AFTER
> log processing? It seems like we would want our Post-Auth
> processing to occur in the same sequence relative to expanding
> and writing the log record no matter whether we get an Accept
> or a Reject.
Put linelog in the post-auth sections wherever you want it, and
the sequence will be fixed.
--
Matthew
More information about the Freeradius-Users
mailing list