Suggestion for error message verbosity improvement

Alan DeKok aland at deployingradius.com
Wed Mar 16 12:58:47 UTC 2022


On Mar 16, 2022, at 4:22 AM, Stefan Winter <stefan.winter at restena.lu> wrote:
> Regarding this message in radius.log:
> 
> Info: Dropping packet without response because of error: Received packet from A.B.C.D with invalid Message-Authenticator!  (Shared secret is incorrect.)
> 
> 
> I would like to suggest to include the name of the client stanza that received the packet. This makes it easier to identify the source in some scenarios. In my case, on a server that has many virtual servers, each listening on individual ports, with overlapping client subnet definitions (i.e. the server's port number that was contacted is important to identify the listen config; something which the client name would give away).
> 
> 
> Alternatively, adding just the port number that the packet was received on would also be sufficient. I suggest the client name by preference because that makes the reporting in line with other errors (e.g. "Login incorrect (Home Server failed to respond): [abc] (from client CLIENTS_61783_5-20..."
> 
> 
> IOW, it would be nice if the error message above could read
> 
> Info: Dropping packet without response because of error: Received packet from A.B.C.D with invalid Message-Authenticator! *(from client CLIENTS_61783_5-20)* (Shared secret is incorrect.)

  That's reasonable.  I pushed a fix.

https://github.com/FreeRADIUS/freeradius-server/commit/036ddeb428cd79cec8a719475ea2a51a3ed732ea

  Alan DeKok.



More information about the Freeradius-Users mailing list