Detailed Logging freeradius Request Packets
Boris Lytochkin
lytboris at yandex-team.ru
Sun Oct 27 17:25:39 CET 2019
Hi there!
> > So this message, the Access-Challenge messages are not logged, although
> > the Access-Accept are logged.
> >
> > I should have said I want to log Access-Challenge messages, would be
> > more correct.
>
> That's a bit harder. Put this in the "authenticate" section, to
> replace the "eap" line:
>
> Auth-Type eap {
> eap {
> handled = 1
> }
> if (handled) {
> auth_log.post-auth
> }
> }
>
> That should do the trick.
> Alan DeKok.
I found this thread in 2019 (10 years after that, I hope that I hacked headers good enough to glue this message to old thread) to achieve the same goal with a slightly more complex situation.
Original unlang code was:
==========
Auth-Type eap {
eap
perl
}
==========
So if you just use the recipe as-is you would encounter perl being invoked on every single EAP conversation cycle.
To overcome this, one might want to use an upgraded version of the original idea:
==========
Auth-Type eap {
eap {
handled = 9999
}
if (handled) {
auth_log.post-auth
return
}
perl
}
==========
Increased priority for handled return code is there just in case we would have something **above** eap that could emit OK/NOOP/UPDATED/etc which have higher priority. OK returned by auth_log.post-auth
would be overridden by handled priority as well.
Before using this magic, please take a look on doc/configuration/configurable_failover.rst in FreeRADIUS sources to understand what's going on here, it takes a while to settle the things down. :)
--
Boris Lytochkin
Yandex NOC
+7 (495) 739 70 00 ext. 7671
More information about the Freeradius-Users
mailing list