Re: EAP/TTLS logging
Hi Michael, that´s right. Is there any possibility to do such thing in freeradius? And the rest of problem is to see in inner authentification in log file a real username. Michael Brown wrote: This thread from the radiator list may shed some light on the situation: http://www.open.com.au/archives/radiator/2003-08/msg00084.html Quoting Fastbyte <[EMAIL PROTECTED]>: I use Odyssey client, and the problem is that in log is only anonymous user. In freeradius -X -A its possible to see which user is getting authe´d but in log files is only anonymous. Michael Brown <> mikro network solutions * http://www.mikro-net.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Sergio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
This thread from the radiator list may shed some light on the situation: http://www.open.com.au/archives/radiator/2003-08/msg00084.html Quoting Fastbyte <[EMAIL PROTECTED]>: > > I use Odyssey client, and the problem is that in log is only anonymous > user. In freeradius -X -A its possible to see which user is getting > authe´d but in log files is only anonymous. > Michael Brown <> mikro network solutions * http://www.mikro-net.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Fastbyte <[EMAIL PROTECTED]> wrote: > Sure, I'm sure and I have looked. Then I don't know what the problem is. I see no reason why the 'detail' module would log the outer request, and not the inner one. Paret of the issue may be I don't know what you mean when you say "auth_log" and "detail_log". There are no such log files distributed with the server, or configured in the server by default. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Hi Alan, Sure, I´m sure and I have looked. Should i send the whole file (don´t want to spam the list) maybe you could find it. ;) Sorry but that´s the truth.. Hope that we will find a solution for this glitch... Alan DeKok wrote: Fastbyte <[EMAIL PROTECTED]> wrote: Ok the auth request is beeing logged into the detail log (auth_detail) but only with the anonymous user and looks like this: ... OK... The part i see in the radius -X -A looks as follows: TTLS: Got tunneled reply RADIUS code 2 Framed-IP-Address = 192.168.2.23 Exec-Program-Wait = "my_exec_postauth" Session-Timeout = 1800 EAP-Message = 0x03010004 Message-Authenticator = 0x User-Name = "tobi" TTLS: Got tunneled Access-Accept This part in the logs is never apearing, neither in auth_log or in detail_log. Are you sure? As I've said repeatedly, the tunneled request is just another request. So that 'tobi' User-Name should be seen in the 'detail' file, just like in the 'anonymous' user is seen there. I don't want to sound stupid, but have you looked for user 'tobi' in the detail log? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Regards, MfG, Dist.Saluti, Sergio - Srdjan Vemic, CEO Chief Executive Office, FutureBrain [EMAIL PROTECTED] +-+ | FutureBrain GmbH/Srl,Via Palade 97/u,I-39012 Merano(BZ),Italy | | Phone: +390473201457, Fax: +390473201437, Cell.: +393356057014 | | [EMAIL PROTECTED], w w w . f u t u r e b r a i n . i t | +-+ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Fastbyte <[EMAIL PROTECTED]> wrote: > Ok the auth request is beeing logged into the detail log (auth_detail) > but only with the anonymous user and looks like this: ... OK... > The part i see in the radius -X -A looks as follows: > > TTLS: Got tunneled reply RADIUS code 2 > Framed-IP-Address = 192.168.2.23 > Exec-Program-Wait = "my_exec_postauth" > Session-Timeout = 1800 > EAP-Message = 0x03010004 > Message-Authenticator = 0x > User-Name = "tobi" >TTLS: Got tunneled Access-Accept > > This part in the logs is never apearing, neither in auth_log or in > detail_log. Are you sure? As I've said repeatedly, the tunneled request is just another request. So that 'tobi' User-Name should be seen in the 'detail' file, just like in the 'anonymous' user is seen there. I don't want to sound stupid, but have you looked for user 'tobi' in the detail log? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Ok the auth request is beeing logged into the detail log (auth_detail) but only with the anonymous user and looks like this: Packet-Type = Access-Request Fri Sep 12 17:13:19 2003 User-Name = "anonymous" NAS-IP-Address = 192.168.2.220 Called-Station-Id = "0030bd965f14" Calling-Station-Id = "0030bd97d313" NAS-Identifier = "0030bd965f14" NAS-Port = 87 Framed-MTU = 1400 State = 0x5611f831363f85a702c738c261c2b189 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204003f158000351703010030e56b0eed1cbf43a372f441195e90c01ce5a402b658d408cb5b6b1b014dbbfaadedeae45c 779f692579e2764ba522c184 Message-Authenticator = 0x86b281dfbf1024da1a5ccd4e38a34539 Client-IP-Address = 192.168.2.220 The part i see in the radius -X -A looks as follows: TTLS: Got tunneled reply RADIUS code 2 Framed-IP-Address = 192.168.2.23 Exec-Program-Wait = "my_exec_postauth" Session-Timeout = 1800 EAP-Message = 0x03010004 Message-Authenticator = 0x User-Name = "tobi" TTLS: Got tunneled Access-Accept This part in the logs is never apearing, neither in auth_log or in detail_log. Alan DeKok wrote: Fastbyte <[EMAIL PROTECTED]> wrote: I use Odyssey client, and the problem is that in log is only anonymous user. In freeradius -X -A its possible to see which user is getting authe'd but in log files is only anonymous. WHICH log files are getting WHAT logged? Can you please be a little more specific, I'm not a mind reader. I get the feeling that you're going out of your way to refuse to provide any useful information in your messages. As I said before, the tunneled authentication request is just another authentication request for the server. So any and all authentication logging done for normal requests is done for the tunneled requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Regards, MfG, Dist.Saluti, Sergio - Srdjan Vemic, CEO Chief Executive Office, FutureBrain [EMAIL PROTECTED] +-+ | FutureBrain GmbH/Srl,Via Palade 97/u,I-39012 Merano(BZ),Italy | | Phone: +390473201457, Fax: +390473201437, Cell.: +393356057014 | | [EMAIL PROTECTED], w w w . f u t u r e b r a i n . i t | +-+ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Fastbyte <[EMAIL PROTECTED]> wrote: > I use Odyssey client, and the problem is that in log is only anonymous > user. In freeradius -X -A its possible to see which user is getting > authe'd but in log files is only anonymous. WHICH log files are getting WHAT logged? Can you please be a little more specific, I'm not a mind reader. I get the feeling that you're going out of your way to refuse to provide any useful information in your messages. As I said before, the tunneled authentication request is just another authentication request for the server. So any and all authentication logging done for normal requests is done for the tunneled requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
I use Odyssey client, and the problem is that in log is only anonymous user. In freeradius -X -A its possible to see which user is getting authe´d but in log files is only anonymous. Alan DeKok wrote: Fastbyte <[EMAIL PROTECTED]> wrote: Just the normal auth log of the ttls challenge; i see the tls log in the detail auth_log, but nothing of the inner authentication protocoll. I need username and logintime. That should be logged when the tunneled authentication request is processed. That request looks like just another request from a client, so all logging should be done. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Regards, MfG, Dist.Saluti, Sergio - Srdjan Vemic, CEO Chief Executive Office, FutureBrain [EMAIL PROTECTED] +-+ | FutureBrain GmbH/Srl,Via Palade 97/u,I-39012 Merano(BZ),Italy | | Phone: +390473201457, Fax: +390473201437, Cell.: +393356057014 | | [EMAIL PROTECTED], w w w . f u t u r e b r a i n . i t | +-+ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Fastbyte <[EMAIL PROTECTED]> wrote: > Just the normal auth log of the ttls challenge; i see the tls log in the > detail auth_log, but nothing of the inner authentication protocoll. I > need username and logintime. That should be logged when the tunneled authentication request is processed. That request looks like just another request from a client, so all logging should be done. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Just the normal auth log of the ttls challenge; i see the tls log in the detail auth_log, but nothing of the inner authentication protocoll. I need username and logintime. Alan DeKok wrote: Fastbyte <[EMAIL PROTECTED]> wrote: is there any logging done in TTLS? What kind of logging are you looking for? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Sergio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS logging
Fastbyte <[EMAIL PROTECTED]> wrote: > is there any logging done in TTLS? What kind of logging are you looking for? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/TTLS logging
Hi, is there any logging done in TTLS? --- Sergio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html