auth = yes logs too much, auth = no too little

Hans-Christian Esperer hc at hcesperer.org
Thu Sep 27 08:59:42 CEST 2018


Hi All,

I would like to log failed login attempts, so I can see the username that was
tried. Is there a simple way to do this? Setting auth=yes in radiusd.conf also
logs all successful attempts.

So basically, I'd like to see lines like this one:
    Mon Sep 24 13:24:16 2018 : Auth: (34876)   Login incorrect (mschap: FAILED: No NT/LM-Password.  Cannot perform authentication): [username/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)

but not
    Mon Sep 24 13:15:03 2018 : Auth: (34866) Login OK: [username] (from client unifi port 123456789 cli 00-00-11-22-33-44)

Any suggestions on how to achieve this or something similar would be much appreciated.


Not directly related, but somewhat: When auth=no is set, and a login fails (be
it due to a wrong username, or wrong passphrase), I get the following in the log:

    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   to find out the reason why the user was rejected
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   what went wrong, and how to fix the problem

And that's all! There are *no previous* messages. These four lines are all that
I get. I assume this means that something on my side is misconfigured, like an
"if all else fails, reject" kind of statement?

Thanks for the help!

Cheers
 HC
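
One way to get the failures-only view asked for above while `auth = yes` stays on is to filter the log afterwards. This is an added example, not part of the original post and not FreeRADIUS code; the function names are hypothetical and the line layout is assumed from the two Auth lines quoted in the message.

```python
import re
from collections import Counter

# Layout inferred from the two Auth lines quoted in the message above.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"\((?P<req>\d+)\)\s+(?P<result>Login OK|Login incorrect)"
    r"(?: \((?P<reason>.*?)\))?: "
    # Greedy on purpose: the user name is attacker-supplied, so anchor on the
    # last "] (from client " in the line, which the server writes itself.
    r"\[(?P<user>.*)\] \(from client (?P<client>\S+) "
)

def failed_logins(lines):
    """Yield one dict per 'Login incorrect' line; skip everything else."""
    for line in lines:
        m = AUTH_RE.match(line.strip())
        if not m or m.group("result") != "Login incorrect":
            continue
        # Drop the "/<via Auth-Type = ...>" suffix appended after the name.
        user = re.sub(r"/<via Auth-Type = [^>]*>$", "", m.group("user"))
        yield {
            "time": m.group("ts"),
            "request": int(m.group("req")),
            "user": user,
            "reason": m.group("reason") or "",
            "client": m.group("client"),
        }

def failures_by_user(lines):
    """Count rejected attempts per attempted user name."""
    return Counter(hit["user"] for hit in failed_logins(lines))

# Sample input: the lines quoted in the message plus one constructed reject.
SAMPLE = [
    "Mon Sep 24 13:15:03 2018 : Auth: (34866) Login OK: [username] (from client unifi port 123456789 cli 00-00-11-22-33-44)",
    "Mon Sep 24 13:24:16 2018 : Auth: (34876)   Login incorrect (mschap: FAILED: No NT/LM-Password.  Cannot perform authentication): [username/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)",
    'Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you',
    # Constructed line, not from the message:
    "Mon Sep 24 13:25:02 2018 : Auth: (34880) Login incorrect: [guest/<via Auth-Type = eap>] (from client unifi port 0 cli 00-00-11-22-33-55)",
]

if __name__ == "__main__":
    for hit in failed_logins(SAMPLE):
        print(hit["time"], hit["user"], hit["client"], hit["reason"])
```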

