logging, the Security group wants the Accounting logs sent to their logging
cluster (in real-time) so they can put them in their elasticsearch database
and respond to incidents.
Well you don't want the main log file from the daemon which makes it easier.
That can only go to one place
Alan,
Thanks for responding.
I'm from the Security group so I'm not intimately familiar with FreeRADIUS -
can you please elaborate on how it would work off we set up a Virtual
Accounting server?
Sent from my iPhone
On Sep 5, 2013, at 5:53 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
The default install comes with a few accounting virtual servers that you can
use. I'd strongly advise one of the or of band asynchronous ones.
If you use UDP syslog is not blocking. .. it is fire and forget. .. so if you
might lose packets if you have congested links or a disruption between
All,
I could use some help in understanding my options for the following scenario:
In our environment, FreeRADIUS currently writes its Accounting logs to the
local drive - one file per authorized client. In addition to the local
logging, the Security group wants the Accounting logs sent
: Re: FreeRADIUS Accounting Logging to Two Separate Locations
Simultaneously
Message-ID: e1c61c30-b39e-4d42-9532-1b113dbc2...@freeradius.org
Content-Type: text/plain; charset=us-ascii
On 5 Sep 2013, at 18:29, Chris Decker csd...@psu.edu wrote:
All,
I could use some help
time
to switch off of digests.
Date: Thu, 5 Sep 2013 19:11:35 +0100
From: Arran Cudbard-Bell a.cudba...@freeradius.org
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Subject: Re: FreeRADIUS Accounting Logging to Two Separate Locations
Simultaneously
On 28 Aug 2013, at 23:39, Andrej andrej.gro...@gmail.com wrote:
I would like f_ticks to write out a single line into syslog that
contains the inner and outer
identity of an authentication request, the station ID and MAC address.
In case of a successful authentication or rejection I'd like
Andrej wrote:
This brings me back to my earlier question: what values are available
where, and when,
via which mechanism?
This was asked and answered. I suggest reading responses to your
messages.
Asking what values are available is wrong. There are no magic
values in the server. There
Your reference is wrong/unknown which means that there's a noop. This means no
operation which means no fticks output
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 28 August 2013 18:49, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Thanks Alan,
Your reference is wrong/unknown which means that there's a noop. This means
no operation which means no fticks output
This brings me back to my earlier question: what values are available
where, and when,
via which
On Thu, Aug 29, 2013 at 10:39:50AM +1200, Andrej wrote:
On 28 August 2013 18:49, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Thanks Alan,
Your reference is wrong/unknown which means that there's a noop. This means
no operation which means no fticks output
This brings me back to my earlier
Hi,
I'm trying to find a way to log EAP requests and responses on an IdP in
such way that the inner and outer identity of a request end up on one
line; using linelog via f_ticks I managed to get a slightly more concise
logging going than the detail level in accounting messages. But I'd like
logging going
than the detail level in accounting messages. But I'd like to be able to
correlate the two, and am struggling to do so.
Is there a way to e.g. pass information from the outer processing on to the
inner so I can log both from there, rather than logging both identities
On 28 August 2013 05:09, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
Hi Arran,
Is there a way to e.g. pass information from the outer processing on to the
inner so I can log both from there, rather than logging both identities
individually? While it's feasible to have both when
Andrej wrote:
Cool - I'll give that a go. Is there a comprehensive list anywhere of
which kind of values
is permissible in which context?
See the debug output. If it's in the debug output, you can use it.
If it's not in the debug output, it doesn't exist. And you can't use it.
You can
On 28 August 2013 09:09, Alan DeKok al...@deployingradius.com wrote:
See the debug output. If it's in the debug output, you can use it.
If it's not in the debug output, it doesn't exist. And you can't use it.
You can always reference the outer tunnel from the inner one.
OK. So, I found
. Anyways the reason I have this is what I want this to do is once
someone is logged into a switch with the FreeRadius credentials I want the
session to be logged as to what they are changing. I know Cisco has a built
in logging system but it is pretty vague I was just curious if there is
away
in logging system but it is
pretty vague I was just curious if there is away to actually show what the
person is changing.
ProCurve kit sends the commands issue in HP-Command-String (a VSA), I believe
the HP commands closely mirror the Cisco ones for AAA.
http://wiki.freeradius.org/vendor/HP
Hi,
We're using 2.1.12.
We require a full log of everything that gets sent between a controller and
freeradius.
We've configured detail.log, inner-tunnel and default to log
authentications and replies which work for us, but is there any way to also
log Access-Challenge? I've read some very old
Possiblebut unlikely to get what you want if you are using EAP methods and
wireless
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can freeradius be configured to authenticate all requests and only log the
authentication attempts, including username and password in plain text.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Oct 10, 2012 at 5:30 AM, Metcalf, David
david.metc...@expedient.com wrote:
Can freeradius be configured to authenticate all requests and only log the
authentication attempts, including username and password in plain text.
Sort of. See
Hello,
Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
about the socket command file. A snippet shows:
Mon Sep 3 11:12:41 2012 : Info: ... adding new socket command
file /var/run/radiusd/radiusd.sock
Mon Sep 3 11:12:41 2012 :
John Horne wrote:
Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
about the socket command file. A snippet shows:
Mon Sep 3 11:12:41 2012 : Info: ... adding new socket command
file /var/run/radiusd/radiusd.sock
...
As can
On Mon, 2012-09-03 at 12:57 +0200, Alan DeKok wrote:
John Horne wrote:
Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
about the socket command file. A snippet shows:
Mon Sep 3 11:12:41 2012 : Info: ... adding new
There's no module to do this. There are very few reasons to do this,
IMHO.
The reason: vendors have bugs in their accounting implementations, and we
want to be able to show them the original raw packets to prove it's not our
accounting collectors which are mis-interpreting the data.
The
Brian Candler wrote:
The reason: vendors have bugs in their accounting implementations, and we
want to be able to show them the original raw packets to prove it's not our
accounting collectors which are mis-interpreting the data.
My $0.02 is that you should name shame the vendors. This has
A bit of radsniff and even raddebug (just capturing accounting packets) via
radmin might be enough to capture the badness they are sending?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I would like to put accounting logs into some sort of database, but store
the entire raw binary packet as well as some decoded attributes.
I can think of plenty of options for the storage: e.g. mysql Blob column,
CouchDB binary attachment, MongoDB etc. But I can't see how to get at the
raw
Brian Candler wrote:
I would like to put accounting logs into some sort of database, but store
the entire raw binary packet as well as some decoded attributes.
I'd suggest using tcpdump for raw packets.
I can think of plenty of options for the storage: e.g. mysql Blob column,
CouchDB
Hi
is it possible to exclude particular user to not being logged in the radius.log
file ?
I have some users that periodically connect and download config files from the
routers and they filled the log quite a lot
Thanks
Pet
-
List info/subscribe/unsubscribe? See
dorje2...@seznam.cz wrote:
is it possible to exclude particular user to not being logged in the
radius.log file ?
Not really. If you're logging user authentications, they *all* get
logged.
I have some users that periodically connect and download config files from
the routers
is it possible to exclude particular user to not being logged in the
radius.log file ?
Not really. If you're logging user authentications, they *all* get
logged.
I have some users that periodically connect and download config files from
the
routers and they filled the log quite
dorje2...@seznam.cz wrote:
Hi alan , thanks for you answer. Actually i'm not logging into radius.log, bu
to be precise i'm sending the logs into syslog at the facility local1
Is is the same in this case ?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
George Koulyabin wrote:
And 'Module-Failure-Message' is empty.
Did I make mistake in configuration?
How are you referencing it? You added it to the control list. Are
you using %{control:Module-Failure-Message} ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
No, I used reference to %{Module-Failure-Message}.
I changed reference from %{Module-Failure-Message} to
%{control:Module-Failure-Message} and message 'User not found' droped to
database. It works.
But when I sent request with wrong password, message 'Bad password' did not
drop to database
Hi.
I am using FreeRADIUS 2.1.12.
I tried to save results of process access requests to SQL database using
postauth_query. I used 'Module-Failure-Message' attribute as a comment for
rejected requests. The message 'rlm_pap: CLEAR TEXT password check failed'
drops to database when password is
George Koulyabin wrote:
I tried to save results of process access requests to SQL database using
postauth_query. I used 'Module-Failure-Message' attribute as a comment for
rejected requests. The message 'rlm_pap: CLEAR TEXT password check failed'
drops to database when password is wrong,
I'm using this section.
...
Post-Auth-Type REJECT {
...
sql_auth
}
...
Records drop to database when access is rejected. But I want to see reason of
rejection. As in radius.log.
On Fri, Apr 27, 2012 at 11:17:30AM +0200, Alan DeKok wrote:
George Koulyabin wrote:
Records drop to database when access is rejected. But I want to see reason of
rejection. As in radius.log.
Edit the SQL queries to include Module-Failure-Message.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I do it. But I see comments in some cases only. This attribute is filled when
access rejected with wrong password. But this attribute is empty when user is
not found (unknown username). Does other attribute (or hint) exist for cases
when Module-Failure-Message is empty?
On Fri, Apr 27, 2012 at
George Koulyabin wrote:
I do it. But I see comments in some cases only. This attribute is filled when
access rejected with wrong password. But this attribute is empty when user is
not found (unknown username). Does other attribute (or hint) exist for cases
when Module-Failure-Message is
I tried to implement Your advice.
1) Changes in configuration:
authorize {
...
sql_auth
if ( notfound ) {
update control {
Module-Failure-Message := 'User not
found'
hi,
I'm setting up wifi internet in my student dorm (90 people) and thought wpa2
enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good
solution, together with the incredibly stable Linksys WRT54GL and dd-wrt.
There are a few problems I cannot figure out though:
i'd
- Original Message -
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
I'm setting up wifi internet in my student dorm (90 people) and thought wpa2
enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good
solution, together with the incredibly stable Linksys WRT54GL and
.
#
regular_expressions = yes
extended_expressions= yes
#
# Logging section. The various log_* configuration items
# will eventually be moved here.
#
log {
#
# Destination for log messages. This can be one of:
#
# files - log to file, as defined below
Hi Johan,
On Sat, Apr 14, 2012 at 12:06:54PM +0200, Johan Swetzén wrote:
I'm setting up wifi internet in my student dorm (90 people) and
thought wpa2 enterprise with FreeRADIUS (version 2.1.8 running
on Ubuntu) would be a good solution, together with the
incredibly stable Linksys WRT54GL and
On Sat, Apr 14, 2012 at 5:06 PM, Johan Swetzén jo...@swetzen.com wrote:
Hi!
I'm setting up wifi internet in my student dorm (90 people) and thought wpa2
enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good
solution, together with the incredibly stable Linksys WRT54GL
It's a section, just like any other section. This is documented in
man unlang. You put modules or unlang rules there. This is
documented in man unlang.
Thanks!! That is exactly what I needed. I did not know to look in that man
page. Awesome!
If there is documentation on
just changed the Access-Request= definition to:
Access-Request = Rejected access: %{User-Name} SSID: %{NAS-Port-Id}
and the filename= line to be: ${logdir}/authrejectlog-%Y%m%d.log
(yep I could make a subsection to linelog with those changes but chose not
to).
So I am now logging username rejects
Hi,
being a mooch. The only reason I can think of such short and erroneous
replies is that some people helping on the list are generally annoyed by
any questions. That is too bad. A quick reply of use linelog would have
been helpful. Why not help people?
...or it could be that
Ok. I did follow this advice:
snip
Ok I went back, looked at the config, and used some common sense to
figure
part of it out. I have it now logging replys for rejects using the
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject
Josh Hiner wrote:
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
�This is documented.
in post-auth section
Post-Auth-Type REJECT {
attr_filter.access_reject
}
*This* is the cause of
Josh Hiner wrote:
Im not sure why people kept telling me to read the spot
above the Post-Auth-Type Reject section.
Because it describes how the Post-Auth-Type Reject section works.
Note: no text saying it magically doesn't log User-Names
Here is a paste of the text
above that section.
Ok I went back, looked at the config, and used some common sense to figure
part of it out. I have it now logging replys for rejects using the
reply_log section of ./modules/detail.log (I also enabled copy tunneled
reply to the outer tunnel in eap.conf). In the logged rejections Im not
getting
attr_filter.access_reject expand
User-Name because it uses it as its key.
I do have sql reject logging fine in other radius server setups. I read the
short doc here: http://freeradius.org/radiusd/doc/Post-Auth-Type and have
searched via google. Im sorry I just cannot figure this one out. I even see
attr_filter. I
Hi,
Ok I went back, looked at the config, and used some common sense to figure
part of it out. I have it now logging replys for rejects using the
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
�This is documented
common sense to figure
part of it out. I have it now logging replys for rejects using the
...to remind you what Alan said:
�Read raddb/sites-available/default. �Look for Post-Auth-Type Reject.
�This is documented.
in post-auth section
Post-Auth-Type REJECT
Hello. Im running freeradius 2.1.6 and logging to /var/log/radius in
file/detail format. Currently connection logging is working if the user
authenticates correctly. I cant get access rejects to log though. Ive
turned on reply detail but that is only showing successful attempts too.
I have
Josh Hiner wrote:
Hello. Im running freeradius 2.1.6 and logging to /var/log/radius in
file/detail format. Currently connection logging is working if the user
authenticates correctly. I cant get access rejects to log though. Ive
turned on reply detail but that is only showing successful
I was trying to get linelog to log a CSV style log file with the Access
Accept and Reject messages for auditing purposes.
Took a while to see that the Access-Reject verb doesn't work in the
modules/linelog file, it only ever uses the Access-Request since all the
requests are Access-Request
Olivier Bilodeau wrote:
http://wiki.freeradius.org/Rlm_perl#Logging refers to:
0 - Debug
1 - Auth
Those are wrong. See src/include/radiusd.h, L_DBG, etc.
I've fixed the Wiki.
I expected Debug not to go out in radius.log and Auth to do since I
specified Auth to yes in radiusd.conf
Hi there!
It's been a while.. François turned out to be our official
freeradius-users correspondent lately ;)
So, I'm changing some things in our rlm_perl module and tried to make a
better use of the logging facilities provided by the freeradius core.
http://wiki.freeradius.org/Rlm_perl#Logging
Hello
I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output to
a remote rsyslog server (and have local1.* assigned to RADIUS in
rsyslogd.conf). I want to log only auth failures, not successful logins. Is
there an easy way to do this? I don't want to use a SQL backing
Ian Ehrenwald wrote:
Hello
I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output
to a remote rsyslog server (and have local1.* assigned to RADIUS in
rsyslogd.conf). I want to log only auth failures, not successful logins. Is
there an easy way to do this? I don't
Hi Alan
Thanks for the quick reply. I believe I've accomplished what I wanted to do.
I've set 'auth' to undefined in the log{} section of radiusd.conf, created
another instance of the linelog module called linelog_REJECT in which I set the
reference to %{reply:Packet-Type}, and then added
Hi, all,
I have set up VMPS with FreeRADIUS 2.1.12 to use with our internal
Cisco switches. After finding the sample files and some documentation
with Google, I'm quite satisfied with the result. At least everything seems
to work as designed.
Besides … ;-) logging seems to be somewhat
On 01/12/2012 03:25 PM, Patrick M. Hausen wrote:
VMPS-Packet-Type = VMPS-Join-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 892
VMPS-Client-IP-Address = 1.2.3.4
VMPS-Port-Name = Fa0/21
VMPS-VLAN-Name = --NONE--
Hello,
Am 12.01.2012 um 16:59 schrieb Phil Mayers:
On 01/12/2012 03:25 PM, Patrick M. Hausen wrote:
VMPS-Packet-Type = VMPS-Join-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 892
VMPS-Client-IP-Address = 1.2.3.4
VMPS-Port-Name = Fa0/21
Yes, look at the linelog module
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I try to log users if they connect to radius, is it possible to track
that without all other informations from debug mode?
So best would be I only see that: [TIME]: foobar logged in
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello ,
I enable accounting on freeradius server. I see logs are stored under
repository wich contains the ip of controller.
Is it possible to change this and specify an other name ?
Cheers
-
List info/subscribe/unsubscribe? See
vazoumana fofana wrote:
I enable accounting on freeradius server. I see logs are stored under
repository wich contains the ip of controller.
You mean the detail files.
Is it possible to change this and specify an other name ?
Yes. See raddb/modules/detail
That's why the configuration
Hi all,
I am hoping that someone can help me.
I need more informations in the logs because sometimes the radius
service will be stopped. But i don't know why.
Where i must configure this Loglevel to get more informations in this
logs?
best regards
David Sandmann
smime.p7s
Description:
sandm...@uni-greifswald.de wrote:
I need more informations in the logs because sometimes the radius
service will be stopped. But i don't know why.
Where i must configure this Loglevel to get more informations in this logs?
Your best bet is to run it under gdb. See doc/bugs
Alan DeKok.
-
Hello.
I am running 2.1.10. Is it possible to log to files and syslog (both)?
Regards
Mika
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Logging-to-destination-files-AND-syslog-tp5010771p5010771.html
Sent from the FreeRadius - User mailing list archive at Nabble.com
Mika wrote:
Hello.
I am running 2.1.10. Is it possible to log to files and syslog (both)?
No. Use something like rsyslog to send logs to multiple destinations.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hey thanks! that did it.
From: Arran Cudbard-Bell a.cudba...@freeradius.org
To: Det Det det.explo...@yahoo.com; FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Sent: Monday, October 24, 2011 6:09 PM
Subject: Re: Stop Logging in radpostauth
Hi,
How do I stop logging in radpostauth table? Is commenting out the query that
inserts to radpostauth a correct way of doing that?
thanks!
det
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 24 Oct 2011, at 12:03, Det Det wrote:
Hi,
How do I stop logging in radpostauth table? Is commenting out the query that
inserts to radpostauth a correct way of doing that?
No... comment out the SQL call in the post-auth section.
-Arran
Arran Cudbard-Bell
a.cudba...@freeradius.org
for third-level support.
As we've rolled out WPA2 and the supplicants give no useful information
about authentication failures to end-users, our help desk is being
inundated with help, I can't login calls. We do auth logging to MySQL.
Help desk staff are not given access to our authentication servers, so
with
a nice web front end for 'low level access' is a must.
there have been discussions in europe about way of logging the reason for a
failure and
putting it onto a sites secure web area so that users can log in and see why
things arent
working for them
alan
-
List info/subscribe/unsubscribe
of logging the reason for a
failure and
putting it onto a sites secure web area so that users can log in and see why
things arent
working for them
Sounds like exactly what I need. Perhaps a patch to set an internal
control: attribute, which could then be logged however (for me,
Post
1) How do other people - specifically organizations with a help desk
large enough that they're distinctly separate from anyone with enough
privs to tail a log file - handle user support of authentication failures?
In a former life I worked at a largish UK university. Whilst I was there I
if(!control:NT-Password !control:Cleartext-Password){
update control {
Reject-Reason := 'AttributeMissing'
}
}
oops...
-
Arran Cudbard-Bell
a.cudba...@freeradius.org
Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
-
List
On 2 Aug 2011, at 16:09, Palmer J.D.F. wrote:
Didn't think xlat could do inserts and updates?
I wrote the patch to add the functionality and its been in the server
code for about the past three years :)
Good stuff. :)
The source of rlm_sql.c still states only ...
* sql xlat
Hi,
Further to my last foray onto the list regarding SoH, I'm looking to
commit the returned SoH info to the radius database using FreeRADIUS'
sql connection.
I could be well off target here, but please humour me, so far I have...
Created a table 'radsoh', and declared this inside sql.conf.
Palmer J.D.F. wrote:
Further to my last foray onto the list regarding SoH, I'm looking to
commit the returned SoH info to the radius database using FreeRADIUS'
sql connection.
It's just attributes.
I could be well off target here, but please humour me, so far I have...
Created a table
On 2 Aug 2011, at 15:07, Alan DeKok wrote:
Palmer J.D.F. wrote:
Further to my last foray onto the list regarding SoH, I'm looking to
commit the returned SoH info to the radius database using FreeRADIUS'
sql connection.
It's just attributes.
just use sql xlat...
update request {
Palmer J.D.F. wrote:
Further to my last foray onto the list regarding SoH, I'm looking
to
commit the returned SoH info to the radius database using
FreeRADIUS'
sql connection.
It's just attributes.
just use sql xlat...
update request {
Tmp-String-1 := %{sql:INSERT INTO
On 2 Aug 2011, at 15:44, Palmer J.D.F. wrote:
Palmer J.D.F. wrote:
Further to my last foray onto the list regarding SoH, I'm looking
to
commit the returned SoH info to the radius database using
FreeRADIUS'
sql connection.
It's just attributes.
just use sql xlat...
update request {
Didn't think xlat could do inserts and updates?
I wrote the patch to add the functionality and its been in the server
code for about the past three years :)
Good stuff. :)
The source of rlm_sql.c still states only ...
* sql xlat function. Right now only SELECTs are supported.
We'd
Hello,
I'm sorry, that I ask again ..
We are using the freeradius server with authentication against ldap as
local database and proxy the realms (IPASS) to authenticate users
are not in our database.
So is is possible, to disable the password logging only for the
proxied request?
The local
Hello,
we are using the freeradius server with authentication against ldap as
local database and proxy and realms (IPASS) to authenticate users
are not in our database.
So is is possible, to disable the password logging only for the
proxied request.
The local requests are only users who got
On 05/19/2011 08:04 PM, John Douglass wrote:
Now, the actual ntlm_auth command within the $RADIUS/modules/mschap does
read:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00}
to get the output of ntlm_auth logged correctly?
Am I missing a logging option or configuration option to enable me to
get additional information out of the ntlm_auth failure or is this code
not functioning correctly?
Below is a full debug of a failed authentication with a non-existent
user
I found a similar user in an old thread who submitted a patch:
(http://freeradius.1045715.n5.nabble.com/Capturing-ntlm-auth-failure-
reasons-in-rlm-mschap-td2791760.html)
And it appears that this patch made it into the rlm_mschap.c module code:
I submitted that patch and it was included in
On 19/05/2011 21:00, Garber, Neal wrote:
I found a similar user in an old thread who submitted a patch:
(http://freeradius.1045715.n5.nabble.com/Capturing-ntlm-auth-failure-
reasons-in-rlm-mschap-td2791760.html)
And it appears that this patch made it into the rlm_mschap.c module code:
I
doing it wrong. The whole point of accepting the user
is that you *don't* reject them.
Change your rules to reject the user *before* they're accepted. The
logging will then behave as you expect. It doesn't behave as you expect
now, because you're rejecting them after you've accepted them
Alan DeKok wrote:
Because you're doing it wrong. The whole point of accepting the user
is that you *don't* reject them.
Change your rules to reject the user *before* they're accepted. The
logging will then behave as you expect. It doesn't behave as you expect
now, because you're
1 - 100 of 651 matches
Mail list logo