Logging EAP-TLS failures

Norman Elton normelton at gmail.com
Thu Nov 1 20:58:30 CET 2018


I'm using linelog to syslog RADIUS packets. I've found that if I call
my linelog in my "authorize" section, immediately after referring to
my EAP module, my linelog has access to all the certificate details.
Issuer, expiration, etc.

I'd like to have similar details when the certificate is invalid. If
the linelog is in the "authorize" section, right after my EAP module,
it's never reached, as the EAP failure causes the whole authorize
section to fail immediately.

I've tried putting it in the post-auth section as well, but cannot get
it positioned such that the certificate details are available.

I've also tried configuring the EAP and linelog modules in a
"redundant" section, hoping that the linelog would pick up after the
EAP failure. No luck there either.

Am I headed in the right direction? Is there a way to catch the
certificate details in a linelog module after the certificate has been
found invalid?

Thanks

Norman

