Matt <[EMAIL PROTECTED]> writes: > #1 Is there a way to log only incorrect logins in radius.log and to > ignore correct logins (so as to not fill up the log file)?
Not currently AFAIK, but adding this should be easy. See the function rad_authlog() in src/main/auth.c A new configuration variable, e.g. log_auth_good, could be added to src/main/mainconfig.c. I guess it should probably go in the "log" subsection if you're modifying CVS HEAD, or otherwise in the main section. > #2 When I do get a login incorrect right now I get: > Auth: Login incorrect (rlm_chap: Clear text password not available): > [EMAIL PROTECTED]/<CHAP-Password>] (from client blah.host.com port > 2912 cli xxxxxxxxxxx) > > Is there anyway to get the chap password that the user entered to show > up.. or is there no way to do the reverse encryption? That's the point of chap: you don't get the clear text password over the wire. So there is no way for neither the NAS nor the radius server to guess what the user entered. Disable chap if this is a problem for you (but be aware that doing so might deny a few users who refuse to use pap for some reason). Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
