eduroam howto log failure mschapv2

L.P.H. van Belle belle at bazuin.nl
Fri May 28 10:47:45 CEST 2021


Fix the samba parts to this and you should be good. 

Read : 
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory 

Might help. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users 
> [mailto:freeradius-users-bounces+belle=bazuin.nl at lists.freerad
> ius.org] Namens Francesco Malvezzi via Freeradius-Users
> Verzonden: vrijdag 28 mei 2021 9:26
> Aan: freeradius-users at lists.freeradius.org
> CC: Francesco Malvezzi
> Onderwerp: eduroam howto log failure mschapv2
> 
> I have been using a freeradius following the guides at:
> https://wiki.freeradius.org/guide/eduroam
> and
> https://wiki.freeradius.org/guide/eduroam-logging
> since quite some time, without a glitch.
> 
> Sometimes we are missing the logs of failed attempts in particular in
> the wrong password case.
> 
> We suppose that some clients prompt users to re-insert password a few
> times after password failure: if the user gives up and interrupts the
> flow, nothing is logged on the server side.
> 
> We can quite simulate this issue if we modify the test script at:
> https://wiki.freeradius.org/guide/eduroam#testing_test-files_e
> apol_test-peap-mschapv2-conf
> 
> and replace the line:
> phase2="auth=MSCHAPV2 mschapv2_retry=0"
> 
> with:
> phase2="auth=MSCHAPV2"
> 
> If you try the modified test script with a wrong password the 
> failure is
> not logged.
> 
> Can you help me to make the help desk happy by collecting 
> also those logs?
> 
> Can you suggest me a strategy? Do I need to log the connect 
> packet (does
> it include the username?)? Is it possible to get failure log from
> mschap? Can you share details?
> 
> Thank you,
> 
> Francesco
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 




More information about the Freeradius-Users mailing list