More detailed login failures on linelog
Alan DeKok
aland at deployingradius.com
Tue Feb 19 13:32:52 CET 2019
On Feb 19, 2019, at 6:11 AM, R3DNano <r3dnano at gmail.com> wrote:
>
> I have been playing around with linelog in order to send all the status via
> rsyslog to a remote machine and it has been working pretty well.
> What I still don't manage to get is how to have more detailed
> authentication failure messages in order to troubleshoot what went wrong.
> I'm currently using %{Module-Failure-Message}, but i only get stuff like
> "EAP module failure" instead of something more useful like "username is not
> found in ldap" or "Password incorrect"
> How can I do this?
"not found in LDAP" isn't an authentication failure. "Password incorrect" is, and is likely available in the inner-tunnel virtual server.
You can add Module-Failure-Message yourself via "unlang", or patch the source to add it in some modules.
Otherwise, the server produces the messages it produces. And it only produces Module-Failure-Message for a few modules.
Alan DeKok.
More information about the Freeradius-Users
mailing list