update to my fault because not RTFM first. I add another sql to the sql.conf
sql sql_failed_reject { driver = "rlm_sql_mysql" server = "localhost" login = "xxx" password = "xxx" radius_db = "radius" postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "usergroup" nas_table = "nas" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" acct_table1 = "radacct" num_sql_socks = 3 connect_failure_retry_delay = 60 postauth_query = "INSERT into ${acct_table1} (radacctid, username, nasipaddress, nasportid, acctterminatecause, acctstarttime, acctstoptime, callingstationid, servicetype, framedprotocol, framedipaddress,acctauthentic) values ('', '%{User-Name}', '%{NAS-IP- Address}', '%{NAS-PORT}', '%{reply:Packet-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '% S', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '% {Framed-IP-Address}', '%{Acct-Authentic}')" } then I put sql_failed_reject to the postauth section in radiusd.conf post-auth { # Get an address from the IP Pool. # main_pool reply_log sql # sql_log # ldap Post-Auth-Type REJECT { #insert-module-name-here #sql sql_failed_reject } } modify dialup admin failed login page to check for Access Reject. that's it, now I can see failed user in dialup admin thanks for freeradius === On Wed, 2007-01-31 at 19:42 +0700, kemas wrote: > I have a small accounting problem with freeradius and dialup admin which > I can't find a way to solve it. > > I've set freeradius to authenticate EAP-TLS, I want to log people who > failed to authenticate to mysql with rlm_sql, which will show in dialup > admin failed login page. > > I put in radiusd.con post-auth section the sql module: > Post-Auth-Type REJECT { > #insert-module-name-here > sql > } > > the post-auth query in sql.conf: > postauth_query = "INSERT into ${postauth_table} (id, user, pass, > reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap- > Password}', '%{reply:Packet-Type}', NOW())" > > > the sql query runs well, it put the failed login to the radpostauth > table but the dialup admin failed login page is searching to the radacct > table for the failed user which will never find it. > > am I doing the right way to put the sql module inside the post-auth? or > should I put it in other section? > > I don't want to change the postauth_query but is there any way to add > another query to put the data to radacct table? > > thanks in advance > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html