Log entries when proxying

Alan DeKok aland at deployingradius.com
Tue May 11 20:08:25 CEST 2021


On May 11, 2021, at 12:57 PM, Tony Skalski via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> I am proxying some clients (based on outer identity) to our old NPS
> servers. This is an eduroam wireless environment and many of the example
> configs I've found have linelog statements in the outer tunnel pre-proxy
> and post-proxy sections. This results in about 25-30 log messages for a
> single proxied authentication.
> 
> This seemed like a lot of messages for a single authn, so I went looking
> for a state attribute that would allow me to identify the first proxy
> request and log that, as well as the final proxy accept, but not all of the
> intervening proxy requests and challenges.
> 
> Is it commonplace to log a message for each proxy request and challenge
> like this? (and I should not worry about the number of log messages)

  Not everyone does it.  But FreeRADIUS gives you the power to log whatever you want.

> Or, is there a way to identify the initial proxy request and not log the
> intervening requests and challenges? Thanks!

  Sure.  The first proxied EAP packet won't contain the State attribute.  All subsequent ones will.  So you can do:

	if (!State) {
		linelog
	}

  And it will only log one line per EAP session.

  Alan DeKok.



