Some RLM_MODULE_INVALID events are not logged via detail

Boris Lytochkin lytboris at
Wed Oct 30 21:33:55 CET 2019

On 30.10.2019 23:12, Alan DeKok wrote:
> On Oct 30, 2019, at 4:02 PM, Boris Lytochkin <lytboris at> wrote:
>>>>          post-auth {
>>>>                  auth_log
>>>>                  Post-Auth-Type REJECT {
>>>>                          auth_log
>>>    That should work.
>> But it does not for the "State" error -  packet holding Access-Reject is not recorded via detail.
>    Hmm... it should be.  Maybe the reject is coming from *inside* of the TLS tunnel?  Though it shouldn't be.
I see it as a regular RADIUS packer on the wire:
User Datagram Protocol, Src Port: 1812, Dst Port: 50516
RADIUS Protocol
     Code: Access-Reject (3)
     Packet identifier: 0x1b (27)
     Length: 20
     Authenticator: e3cf0e29bd7f3ed4a08d5352574918f4
     [This is a response to a request in frame 113]
     [Time from request: 1.003118000 seconds]

I'll get raddebug in charge of this then.

>    I checked, uou can use %I to get the packet ID.
Indeed, I was confused and thought %I is expanded into (REQUEST 
*)request->number. Thanks!

Boris Lytochkin
Yandex NOC
+7 (495) 739 70 00 ext. 7671

More information about the Freeradius-Users mailing list