Discard / no Log

Nick Porter nick at portercomputing.co.uk
Mon Apr 4 07:36:25 UTC 2022 

Hi Nicolas

Instead of "return", you can use the policy "do_not_respond" which 
instructs FreeRADIUS not to respond to the request.

This sets &reply:Packet-Type to Do-Not-Respond - which if you find 
things are still being logged, you can test for to avoid the logging.

Nick

On 04/04/2022 07:39, Nicolas Breuer wrote:
> Hello,
>
> We are flooded by a wrong CPE configuration. Is there a way if the realm is not configured in proxy.conf to discard the packet silently and discard the log in the radius.log ? I tried to return if “noop” but logging is still there 😊 Disable the logging for auth_reject is not an option 😊
>
>
> authorize {
>
>          #  The preprocess module takes care of sanitizing some bizarre
>          #  attributes in the request, and turning them into attributes
>          #  which are more standard.
>          #
>          #  It takes care of processing the 'raddb/mods-config/preprocess/hints'
>          #  and the 'raddb/mods-config/preprocess/huntgroups' files.
>          preprocess
>
>          #
>          #  The chap module will set 'Auth-Type := CHAP' if we are
>          #  handling a CHAP request and Auth-Type has not already been set
>          chap
>
>          #
>          #  If the users are logging in with an MS-CHAP-Challenge
>          #  attribute for authentication, the mschap module will find
>          #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
>          #  to the request, which will cause the server to then use
>          #  the mschap module for authentication.
>          mschap
>
>          #
>          # Look for realms in user at domain format
>          suffix
>
>                  if (noop){
>                  return
>                  }
> …….
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Nick Porter

Porter Computing Ltd
Registered in England No 12659380

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220404/fff11d9a/attachment.sig>

More information about the Freeradius-Users mailing list