hi, all!
Now I want to record the user access history in the radius.log file. I use fr
2.19 and ttls-mschapv2.
I notice that it now only records the user/password log in the radius.log
file.
for example,
when I use a correct password for user "test",
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/<via Auth-Type = EAP>] (from
client localhost port 0 via TLS tunnel)
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/<via Auth-Type =
EAP>] (from client localhost port 0 cli 02-00-00-00-00-01)
when I use a wrong password for user "test",
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/<via Auth-Type = EAP>]
(from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/<via
Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01)
But no log is recorded if the certificates is wrong (which is possible in real
scenarios).
I have noticed that if the certificates is wrong, the "radiusd -Xxxxx" will
output things like that:
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls
Fri Jul 16 17:23:30 2010 : Info: [eap] processing type askedtls
If this notifys the wrong certificate? Then maybe I can put a "radlog" in the
following part of eap.c?:
case PW_EAP_NAK:
/*
* The NAK data is the preferred EAP type(s) of
* the client.
*
* RFC 3748 says to list one or more proposed
* alternative types, one per octet, or to use
* 0 for no alternative.
*/
RDEBUG2("EAP NAK");
thanks a lot!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
