auth = yes logs too much, auth = no too little

Hans-Christian Esperer hc at
Thu Sep 27 08:59:42 CEST 2018

Hi All,

I would like to log failed login attempts, so I can see the username that was
tried. Is there a simple way to do this? Setting auth=yes in radiusd.conf also
logs all successful attempts.

So basically, I'd like to see lines like this one:
    Mon Sep 24 13:24:16 2018 : Auth: (34876)   Login incorrect (mschap: FAILED: No NT/LM-Password.  Cannot perform authentication): [username/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)

but not
    Mon Sep 24 13:15:03 2018 : Auth: (34866) Login OK: [username] (from client unifi port 123456789 cli 00-00-11-22-33-44)

Any suggestions on how to achieve this or something similar would be much appreciated.

Not directly related, but somewhat: When auth=no is set, and a login fails (be
it due to a wrong username, or wrong passphrase), I get the following in the log:

    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   to find out the reason why the user was rejected
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
    Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   what went wrong, and how to fix the problem

And that's all! There are *no previous* messages. These four lines are all that
I get. I assume this means that something on my side is misconfigured, like an
"if all else fails, reject" kind of statement?

Thanks for the help!
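
An added example, not part of the original post and not FreeRADIUS code: a post-filter that leaves auth = yes in place and extracts only the rejected logins from the log, with username, reason and client. The regex is derived from the two Auth lines quoted above; the function names, the third sample line and the handling of the "/<via ...>" suffix are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the "Login incorrect" line quoted in the post.
FAILED = re.compile(
    r"^(?P<ts>.+?) : Auth: \((?P<req>\d+)\)\s+Login incorrect"
    r"(?: \((?P<reason>.*?)\))?: \[(?P<user>.*?)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
)

def failed_logins(lines):
    """Return one dict per rejected login; Login OK and Info lines are skipped."""
    records = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec.pop("ts"), "%a %b %d %H:%M:%S %Y")
        # Assumption: the part after the user name is a "/<via Auth-Type = ...>"
        # marker, as in the quoted line; strip it to keep only the name tried.
        rec["user"] = re.sub(r"/<[^>]*>$", "", rec["user"])
        records.append(rec)
    return records

def failures_per_user(lines):
    """Count rejected attempts per user name."""
    return Counter(r["user"] for r in failed_logins(lines))

# First two lines are quoted from the post; the last two are constructed.
SAMPLE = [
    "Mon Sep 24 13:24:16 2018 : Auth: (34876)   Login incorrect (mschap: FAILED: "
    "No NT/LM-Password.  Cannot perform authentication): "
    "[username/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)",
    "Mon Sep 24 13:15:03 2018 : Auth: (34866) Login OK: [username] "
    "(from client unifi port 123456789 cli 00-00-11-22-33-44)",
    "Mon Sep 24 13:30:01 2018 : Auth: (34880) Login incorrect: "
    "[bob/<via Auth-Type = eap>] (from client unifi port 0 via TLS tunnel)",
    "Mon Sep 24 13:24:16 2018 : Info: (34877) eap_peap:   Look for \"reject\"",
]

if __name__ == "__main__":
    for r in failed_logins(SAMPLE):
        print(r["time"], r["user"], r["client"], r["reason"] or "-")
```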

