Linelog and get rid of No Failure Reason
Anatoliy
cphlpd at gmail.com
Thu Aug 3 07:10:58 UTC 2023
Hi, here is an example of how we log this:
authorize {
    sql {
        notfound = 2
    }
    if (notfound) {
        update reply {
            Reply-Message := "Username Not found"
        }
    }
}
authenticate {
    Auth-Type PAP {
        pap {
            reject = 3
        }
        if (reject) {
            update reply {
                Reply-Message := "Password Incorrect"
            }
        }
    }
}
and log in post-auth
post-auth {
    llog-auth-accept
    Post-Auth-Type REJECT {
        llog-auth-reject
    }
}
I use a different schema for log accept and log reject.
On Thu, Aug 3, 2023 at 12:05 PM TS <h33927318 at gmail.com> wrote:
> Hello,
>
> I am trying to consolidate logs and have only one log file with all needed
> data in it.
>
> This setup is with Freeradius 3.2.3 with OpenLDAP 2.5.15.
> We are using EAP + MSCHAPv2, LDAP contains an attribute with NT Password.
>
> I am trying to get rid of "No Failure Reason" value of
> "reply:Reply-Message" variable in cases where:
> 1. user not found in LDAP
> 2. user's password is incorrect
> 3. user has Phase1 (EAP/TLS/...) or Phase2 (MSCHAPv2/GTC/...)
> misconfigured.
>
> I have pretty default configuration with small changes.
> I know I should modify Reply-Message but in which file and within which
> section(s)?
>
> Snippet from my custom linelog:
> reference = "inner_auth_log.%{%{reply:Packet-Type}:-format}"
>
> inner_auth_log {
>     Access-Accept = "%d.%m.%Y@%H:%G|RESULT=OK|USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown Caller Id}"
>     Access-Reject = "%d.%m.%Y@%H:%G|RESULT=ERR|USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown Caller Id}|MSG=%{%{reply:Reply-Message}:-No Failure Reason}"
> }
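
An added example, not part of the original thread or of FreeRADIUS: a Python parser for the pipe-delimited linelog format from the question, with the Reply-Message strings from the reply as MSG values. It counts reject reasons per client MAC and sets aside lines whose field layout is off, which is what a `|` inside User-Name would produce if it reaches the log unescaped; the sample lines, addresses and threshold are constructed.

```python
import re
from collections import Counter, defaultdict

# Field order copied from the Access-Reject format string in the question;
# Access-Accept lines carry the same fields minus MSG.
KEYS = ["RESULT", "USER", "WIFI_AP_IP", "CLIENT_MAC_ADDR", "MSG"]
STAMP = re.compile(r"\d{2}\.\d{2}\.\d{4}@\d{2}:\d{2}")  # %d.%m.%Y@%H:%G

# Constructed sample lines (documentation IP, locally administered MACs).
_AP = "WIFI_AP_IP=192.0.2.10|CLIENT_MAC_ADDR=02-00-00-00-00-0"
SAMPLE = [
    f"03.08.2023@07:10|RESULT=OK|USER=alice|{_AP}1",
    f"03.08.2023@07:11|RESULT=ERR|USER=bob|{_AP}2|MSG=Password Incorrect",
    f"03.08.2023@07:11|RESULT=ERR|USER=bob|{_AP}2|MSG=Password Incorrect",
    f"03.08.2023@07:12|RESULT=ERR|USER=carol|{_AP}2|MSG=Username Not found",
    f"03.08.2023@07:13|RESULT=ERR|USER=dave|{_AP}3|MSG=No Failure Reason",
    # User-Name containing '|' and a forged RESULT field:
    f"03.08.2023@07:14|RESULT=ERR|USER=x|RESULT=OK|{_AP}4|MSG=Password Incorrect",
]

def parse_line(line):
    """Return a dict for a well-formed log line, or None if the layout is off."""
    stamp, *fields = line.rstrip("\n").split("|")
    if not STAMP.fullmatch(stamp) or not fields:
        return None
    if fields[0] not in ("RESULT=OK", "RESULT=ERR"):
        return None
    keys = KEYS if fields[0] == "RESULT=ERR" else KEYS[:4]
    if len(fields) != len(keys):
        return None  # an extra '|' shifts every field after it
    rec = {"time": stamp}
    for key, field in zip(keys, fields):
        name, sep, value = field.partition("=")
        if name != key or not sep:
            return None
        rec[key] = value
    return rec

def summarise(lines, threshold=3):
    """Map each MAC with >= threshold rejects to its reason counts."""
    per_mac, malformed = defaultdict(Counter), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed.append(line)
        elif rec["RESULT"] == "ERR":
            per_mac[rec["CLIENT_MAC_ADDR"]][rec["MSG"]] += 1
    flagged = {m: dict(c) for m, c in per_mac.items() if sum(c.values()) >= threshold}
    return flagged, malformed
```
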