Log entries when proxying

Tony Skalski ajs at stolaf.edu
Tue May 11 20:16:08 CEST 2021


Thanks!

On Tue, May 11, 2021 at 1:08 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On May 11, 2021, at 12:57 PM, Tony Skalski via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
> >
> > I am proxying some clients (based on outer identity) to our old NPS
> > servers. This is an eduroam wireless environment and many of the example
> > configs I've found have linelog statements in the outer tunnel pre-proxy
> > and post-proxy sections. This results in about 25-30 log messages for a
> > single proxied authentication.
> >
> > This seemed like a lot of messages for a single authn, so I went looking
> > for a state attribute that would allow me to identify the first proxy
> > request and log that, as well as the final proxy accept, but not all of
> the
> > intervening proxy requests and challenges.
> >
> > Is it commonplace to log a message for each proxy request and challenge
> > like this? (and I should not worry about the number of log messages)
>
>   Not everyone does it.  But FreeRADIUS gives you the power to log
> whatever you want.
>
> > Or, is there a way to identify the initial proxy request and not log the
> > intervening requests and challenges? Thanks!
>
>   Sure.  The first proxied EAP packet won't contain the State attribute.
> All subsequent ones will.  So you can do:
>
>         if (!State) {
>                 linelog
>         }
>
>   And it will only log one line per EAP session.
>
>   Alan DeKok.
>
>

-- 
*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu


More information about the Freeradius-Users mailing list