How to write log only once in Post-Auth-Type REJECT section of EAP module?

남혁준 sawd1598 at gmail.com
Mon Jan 29 12:26:59 UTC 2024


Hello.

I'm using the EAP module.
Additionally, the REST module is used in the inner-server.

If you want to refuse authentication in this situation, the REST module
responds with 401 and Module-Failure-Message.

This Module-Failure-Message is then correctly delivered to the
Post-Auth-Type REJECT section within "Inner-server".

Because I had declared rest in this section, the post-auth API was being
called correctly and writing logs.




However, one additional requirement arose.

Logs should also be written when the certificate is incorrect.


I added rest to the Post-Auth-Type REJECT section in the default (with
external EAP) file.

When the certificate was incorrect, the Post-Auth-Type REJECT section of
the external EAP was reached, and this was also logged correctly.


However, the problem now arises in situations where "Internal EAP" is
called.

In "Internal EAP", the Post-Auth-Type REJECT REST module log occurs once, and
the Post-Auth-Type REJECT REST module log occurs once in "External EAP".

Now, the log has occurred a total of 2 times.


“Internal EAP” is the message I sent, but “outer EAP” is the message
generated by the EAP-PEAP module.

message : "eap_peap: The users session was previously rejected: returning
reject (again.)"


Logs do not necessarily have to be written from "internal EAP".

So I wanted to forward messages originating from the "inner EAP" to the
"outer EAP" module and then use them in the Post-Auth-Type REJECT REST
module.

However, I could not find a way, and only the message generated by the
EAP-PEAP module was always delivered as Module-Failure-Message.



How do I accomplish what I want?

