Guy Fraser wrote: > I thought this would be enough to make it log failed authentications :
Yes. But to flat-text files, not to SQL. > post-auth { > reply_log > sql > sql_log This says "log to SQL on success". > exec > Post-Auth-Type REJECT { > attr_filter.access_reject You could put SQL logging here, too. > The configuration has changed significantly since I last contributed to > this project. The main changes are moving text from one file to another. e.g. the large chunks of "authorize", etc. in radiusd.conf have moved to separate files. But the main configuration is still pretty much the same. Older configuration files can be used *almost* unchanged. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html