eduroam howto log failure mschapv2

Francesco Malvezzi francesco.malvezzi at unimore.it
Fri May 28 09:26:15 CEST 2021


I have been using a freeradius following the guides at:
https://wiki.freeradius.org/guide/eduroam
and
https://wiki.freeradius.org/guide/eduroam-logging
since quite some time, without a glitch.

Sometimes we are missing the logs of failed attempts in particular in
the wrong password case.

We suppose that some clients prompt users to re-insert password a few
times after password failure: if the user gives up and interrupts the
flow, nothing is logged on the server side.

We can quite simulate this issue if we modify the test script at:
https://wiki.freeradius.org/guide/eduroam#testing_test-files_eapol_test-peap-mschapv2-conf

and replace the line:
phase2="auth=MSCHAPV2 mschapv2_retry=0"

with:
phase2="auth=MSCHAPV2"

If you try the modified test script with a wrong password the failure is
not logged.

Can you help me to make the help desk happy by collecting also those logs?

Can you suggest me a strategy? Do I need to log the connect packet (does
it include the username?)? Is it possible to get failure log from
mschap? Can you share details?

Thank you,

Francesco


More information about the Freeradius-Users mailing list