On 6 Dec 2012, at 11:33, Scott Armitage <s.p.armit...@lboro.ac.uk> wrote:
> All, > > I have noticed a behaviour in the logging and I'm not sure if it is > misconfiguration on my part, misunderstanding of the expected behaviour or a > bug. If I attempt to log in using EAP-MSCHAPv2 inside of an eap method > (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of > the result of the inner EAP. e.g: > > Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 > cli 02-00-00-00-00-01 via TLS tunnel) > Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 > cli 02-00-00-00-00-01 via TLS tunnel) > Thu Dec 6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from > client pepsi port 0 cli 02-00-00-00-00-01) > > This means if I have a user with a bad password I get the following in the > log: > > Thu Dec 6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 > cli 02-00-00-00-00-01 via TLS tunnel) > > As the mschap module is waiting for the user to re-enter their password > eventual it times out. Therefore this is the only entry in the log. Which > is somewhat confusing, as it has actually failed but the only log entry is > "Login OK". > > Has anyone else noticed this behaviour? or have I configured something wrong? > > Regards > > Scott Armitage- > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0 Regards Scott
signature.asc
Description: Message signed with OpenPGP using GPGMail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html