Some RLM_MODULE_INVALID events are not logged via detail
Boris Lytochkin
lytboris at yandex-team.ru
Wed Oct 30 21:33:55 CET 2019
On 30.10.2019 23:12, Alan DeKok wrote:
> On Oct 30, 2019, at 4:02 PM, Boris Lytochkin <lytboris at yandex-team.ru> wrote:
>>>> post-auth {
>>>> auth_log
>>>> Post-Auth-Type REJECT {
>>>> auth_log
>>> That should work.
>> But it does not for the "State" error - packet holding Access-Reject is not recorded via detail.
> Hmm... it should be. Maybe the reject is coming from *inside* of the TLS tunnel? Though it shouldn't be.
I see it as a regular RADIUS packer on the wire:
===================
User Datagram Protocol, Src Port: 1812, Dst Port: 50516
RADIUS Protocol
Code: Access-Reject (3)
Packet identifier: 0x1b (27)
Length: 20
Authenticator: e3cf0e29bd7f3ed4a08d5352574918f4
[This is a response to a request in frame 113]
[Time from request: 1.003118000 seconds]
===================
I'll get raddebug in charge of this then.
> I checked, uou can use %I to get the packet ID.
Indeed, I was confused and thought %I is expanded into (REQUEST
*)request->number. Thanks!
--
Boris Lytochkin
Yandex NOC
+7 (495) 739 70 00 ext. 7671
More information about the Freeradius-Users
mailing list