Using "Tunnel-Private-Group-Id" in linelog
Burger, Wolfgang
wburger at gwdg.de
Wed Oct 23 15:52:01 CEST 2019
Dear freeradius-users,
I'm using FreeRADIUS Version 2.1.12 to dynamically set the VLAN-ID on some switches by client-mac-address.
Works like a charm.
I have to modify the logfiles and would like to use linelog.
This is my linelog config:
linelog vlanlog {
    filename = ${logdir}/vlanlog
    permissions = 0600
    format = "This is a log message for %{User-Name}"
    reference = "%{%{Packet-Type}:-format}"
    Access-Request = "%S: %{reply:Packet-Type} AAA-VLAN-Request for %{User-Name} on %{NAS-Identifier} (%{NAS-IP-Address}) at Port %{NAS-Port-Id}. Put to VLAN %{reply:Tunnel-Private-Group-Id}"
    Access-Reject = "Rejected access: %{User-Name}"
    Access-Challenge = "Sent challenge: %{User-Name}"
}
And this is a Request and Reply for a VLAN-Request:
rad_recv: Access-Request packet from host 192.168.1.141 port 1812, id=125, length=320
Framed-MTU = 1466
NAS-IP-Address = 192.168.1.141
NAS-Identifier = "Switch31"
User-Name = "0cc47a96a6af"
Service-Type = Call-Check
Framed-Protocol = PPP
NAS-Port = 41
NAS-Port-Type = Ethernet
NAS-Port-Id = "41"
Called-Station-Id = "00-16-b9-d1-01-d7"
Calling-Station-Id = "0c-c4-7a-96-a6-af"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
...
MS-RAS-Vendor = 11
HP-Capability-Advert = 0x011a0000000b28
HP-Capability-Advert = 0x011a0000000b2e
HP-Capability-Advert = 0x011a0000000b30
HP-Capability-Advert = 0x011a0000000b3d
HP-Capability-Advert = 0x0138
HP-Capability-Advert = 0x013a
HP-Capability-Advert = 0x0140
HP-Capability-Advert = 0x0141
HP-Capability-Advert = 0x0151
server vlan {
# Executing section authorize from file /etc/freeradius/sites-enabled/VLAN
+- entering group authorize {...}
++[preprocess] returns ok
++? if (NAS-Identifier == "switch61" && NAS-Port-Id == "11")
? Evaluating (NAS-Identifier == "switch61" ) -> FALSE
? Skipping (NAS-Port-Id == "11")
++? if (NAS-Identifier == "switch61" && NAS-Port-Id == "11") -> FALSE
++- entering else else {...}
[vlan_by_macaddr] users: Matched entry DEFAULT at line 8465
+++[vlan_by_macaddr] returns ok
++- else else returns ok
[chap] WARNING: Auth-Type already set. Not setting to CHAP
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "0cc47a96a6af", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [0cc47a96a6af] (from client vlan_switch31 port 41 cli 0c-c4-7a-96-a6-af)
# Executing section post-auth from file /etc/freeradius/sites-enabled/VLAN
+- entering group post-auth {...}
[vlanlog] expand: %{Packet-Type} -> Access-Request
[vlanlog] expand: %{%{Packet-Type}:-format} -> Access-Request
[vlanlog] expand: /var/log/freeradius/vlanlog -> /var/log/freeradius/vlanlog
[vlanlog] expand: %S: %{reply:Packet-Type} AAA-VLAN-Request for %{User-Name} on %{NAS-Identifier} (%{NAS-IP-Address}) at Port %{NAS-Port-Id}. -> 2019-10-23 14:27:54: Access-Accept AAA-VLAN-Request for 0cc47a96a6af on Switch31 (192.168.1.141) at Port 41.
++[vlanlog] returns ok
} # server vlan
Sending Access-Accept of id 125 to 192.168.1.141 port 1812
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "\0001"
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
I'm calling vlanlog only in
post-auth {
    vlanlog
    Post-Auth-Type REJECT {
        vlanlog
        attr_filter.access_reject
    }
}
I would like to include the information in "Tunnel-Private-Group-Id" into the linelog.
I've tried to add %{reply:Tunnel-Private-Group-Id} to the linelog config.
But the result in vlanlog is:
2019-10-23 15:42:53: Access-Accept AAA-VLAN-Request for 0cc47a96a6af on Switch31 (192.168.1.141) at Port 41. Put to VLAN
How can I include the information in "Tunnel-Private-Group-Id" of Access-Accept into the linelog logfile?
Thank you very much and best regards,
Wolfgang