More detailed login failures on linelog

Alan DeKok aland at
Tue Feb 19 13:32:52 CET 2019

On Feb 19, 2019, at 6:11 AM, R3DNano <r3dnano at> wrote:
> I have been playing around with linelog in order to send all the status via
> rsyslog to a remote machine and it has been working pretty well.
> What I still don't manage to get is how to have more detailed
> authentication failure messages in order to troubleshoot what went wrong.
> I'm currently using %{Module-Failure-Message}, but i only get stuff like
> "EAP module failure" instead of something more useful like "username is not
> found in ldap" or "Password incorrect"
> How can I do this?

  "not found in LDAP" isn't an authentication failure.  "Password incorrect" is, and is likely available in the inner-tunnel virtual server.

  You can add Module-Failure-Message yourself via "unlang", or patch the source to add it in some modules.

  Otherwise, the server produces the messages it produces.  And it only produces Module-Failure-Message for a few modules.

  Alan DeKok.

More information about the Freeradius-Users mailing list