Linelog and get rid of No Failure Reason

TS h33927318 at gmail.com
Thu Aug 3 06:05:10 UTC 2023


Hello,

I am trying to consolidate logs and have only one log file with all needed
data in it.

This setup with Freeradius 3.2.3 with OpenLDAP 2.5.15.
We are using EAP + MSCHAPv2, LDAP contains an attribute with NT Password.

I am trying to get rid of "No Failure Reason" value of
"reply:Reply-Message" variable in cases where:
1. user not found in LDAP
2. user's password is incorrect
3. user has Phase1 (EAP/TLS/...) or Phase2 (MSCHAPv2/GTC/...) misconfigured.

I have pretty default configuration with small changes.
I know I should modify Reply-Message but in which file and within which
section(s)?

Snippet from my custom linelog:
 reference = "inner_auth_log.%{%{reply:Packet-Type}:-format}"

        inner_auth_log {
            Access-Accept = "%d.%m.%Y@%H:%G|RESULT=OK
|USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown
Caller Id}"
            Access-Reject =
"%d.%m.%Y@%H:%G|RESULT=ERR|USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown
Caller Id}|MSG=%{%{reply:Reply-Message}:-No Failure Reason}"
        }


More information about the Freeradius-Users mailing list