auth = yes logs too much, auth = no too little
hc at hcesperer.org
Thu Sep 27 08:59:42 CEST 2018
I would like to log failed login attempts, so I can see the username that was
tried. Is there a simple way to do this? Setting auth=yes in radiusd.conf also
logs all successful attempts.
So basically, I'd like to see lines like this one:
Mon Sep 24 13:24:16 2018 : Auth: (34876) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [username/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)
Mon Sep 24 13:15:03 2018 : Auth: (34866) Login OK: [username] (from client unifi port 123456789 cli 00-00-11-22-33-44)
Any suggestions on how to achieve this or something similar would be much appreciated.
Not directly related, but somewhat: When auth=no is set, and a login fails (be
it due to a wrong username, or wrong passphrase), I get the following in the log:
Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap: This means you need to read the PREVIOUS messages in the debug output
Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap: to find out the reason why the user was rejected
Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap: what went wrong, and how to fix the problem
And that's all! There are *no previous* messages. These four lines are all that
I get. I assume this means that something on my side is misconfigured, like an
"if all else fails, reject" kind of statement?
Thanks for the help!