FreeRadius Log

2008-07-23 Thread Danilo Molini
Hi all,

I have installed freeradius on a debian machine and it works well. In the log
I see that freeradius records failed and accepted authentications, reporting
the user, the password and the user client station, but not the device which
someone has tried to access.

For example: from my pc I try to connect to a router without the correct
credentials. Freeradius logs that my PC with IP address 1.1.1.1 has tried to
access with the user admin and password admin, but does not report
the address of the router which someone has tried to access, so if I
use freeradius for authenticating users on many devices, I can't know on which
device someone has tried to access.

Is there a way to log this information as well?

Regards

Danilo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius Log

2008-07-23 Thread Danilo Molini
I try to explain better what I want.

My freeradius server is 10.0.0.1 and the router that uses the radius service
is 192.168.0.1, and I try to connect to the router from my pc with ip
address 172.16.0.1

The log reports this information:

Auth: Login OK: [test] (from client myhomenetwork-network port 194 cli 172.16.0.1)

Is it possible to add the information of the router on which I have requested
access?

I tried to enable the detail log, but it seems not to work... But I'm searching
the mailing list archive for help with this problem.

Thanks for the help!

Regards

Danilo
2008/7/23 Alan DeKok [EMAIL PROTECTED]

 Danilo Molini wrote:
  For example: from my pc I try to connect to a router without the correct
  credentials. Freeradius log that my PC with IP address 1.1.1.1
  has tried to make access with the user admin and
  password admin, but do not report the address of the router to which
  someone has tried to make access, so if I use freeradius for
  authenticating user on many device, I can't know on which device someone
  has tried to make access.

  See the FAQ for "it doesn't work".

  Also, I'm not sure I understand what you're talking about.  RADIUS
 does *not* provide the IP address of end machines during the
 authentication process.  Routers do not usually do RADIUS
 authentication, either.  *Switches* do RADIUS authentication.

  i.e. You seem to have confused the roles and/or names of the machines
 involved.  As a result, it's difficult to understand what's happening,
 or what you want to have happen.

  Alan DeKok.

Re: FreeRadius Log

2008-07-23 Thread Danilo Molini
I'm sorry! I try to connect via telnet...

Moreover, I have probably solved my problem with your suggestion.

In the clients.conf I created a specific client for each host on my network,
like this:

# shortname is the name printed after "from client" in radius.log
client 192.168.0.1/32 {
    secret    = secret
    shortname = router
}

client 192.168.0.2/32 {
    secret    = secret
    shortname = switch
}

and not a single client like I was using before:

client 192.168.0.0/24 {
    secret    = secret
    shortname = mynetwork
}

Now when I try to access my router or my switch through telnet, in
the radius.log I see all the information that I need:

Wed Jul 23 12:06:42 2008 : Auth: Login OK: [test] (from client router port 194 cli 172.16.0.1)
Wed Jul 23 12:06:42 2008 : Auth: Login OK: [test] (from client switch port 194 cli 172.16.0.1)

Thanks for the help!

Regards

Danilo

2008/7/23 Alan DeKok [EMAIL PROTECTED]

 Danilo Molini wrote:
  I try to explain better what I want.
 
  My freeradius server is 10.0.0.1 and the router that
  use the radius service is 192.168.0.1 and I try to
  connect to the router from my pc with ip address 172.16.0.1

  "connect"... how?  Administrator login on the router?  Please be specific.

  You have been careful to *not* describe what you are trying to do.
 The less information you give, the harder it is for anyone to help you.

 
  The log report this information:
 
  Auth: Login OK: [test] (from client myhomenetwork-network port 194 cli 172.16.0.1)
  Is it possible to add the information of the router on which I have
  requested access?

  Read the log message again.  It *is* printing out the client
 information.  In this case, it's myhomenetwork-network.

  If you want it to print out something else for the name of the client,
 edit the shortname field of the client entry that defines the client
 IP, shared secret, etc.

  Alan DeKok.
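
Added example, not part of the original thread: once every device has its own shortname in clients.conf, failed logins in radius.log can be counted per device. The "Login incorrect" lines, the threshold and the function names are constructed for illustration and follow the layout of the log lines quoted above.

```python
import re
from collections import Counter

# Layout of the Auth lines quoted in the thread:
#   <time> : Auth: Login OK: [user] (from client <shortname> port N cli <station>)
# "Login incorrect" lines are assumed to use the same layout, with
# [user/password] in the brackets when bad passwords are logged.
AUTH_RE = re.compile(
    r"^(?P<time>.+?) : Auth: (?P<result>Login OK|Login incorrect)[^\[]*"
    r"\[(?P<user>[^\]/]*)(?:/[^\]]*)?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^)\s]+))?\)"
)

# Constructed sample lines (the first one is the line from the thread).
SAMPLE = """\
Wed Jul 23 12:06:42 2008 : Auth: Login OK: [test] (from client router port 194 cli 172.16.0.1)
Wed Jul 23 12:07:01 2008 : Auth: Login incorrect: [admin/admin] (from client router port 194 cli 172.16.0.1)
Wed Jul 23 12:07:05 2008 : Auth: Login incorrect: [admin/1234] (from client router port 194 cli 172.16.0.1)
Wed Jul 23 12:07:09 2008 : Auth: Login incorrect: [root/root] (from client router port 194 cli 172.16.0.1)
Wed Jul 23 12:08:00 2008 : Auth: Login incorrect: [admin/admin] (from client switch port 194 cli 172.16.0.1)
""".splitlines()


def parse_auth(line):
    """Return the fields of one Auth line as a dict, or None if it is not one."""
    m = AUTH_RE.match(line.strip())
    return m.groupdict() if m else None


def failures_by_device(lines, threshold=3):
    """Count failed logins per (client shortname, calling station).

    Returns only the pairs that reach `threshold`. The logged password is
    never kept: everything after the first "/" in the brackets is dropped
    (a user name that itself contains "/" is therefore truncated).
    """
    counts = Counter()
    for line in lines:
        rec = parse_auth(line)
        if rec and rec["result"] == "Login incorrect":
            counts[(rec["client"], rec["cli"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (client, cli), n in failures_by_device(SAMPLE).items():
        print(f"{n} failed logins on {client} from {cli}")
```

With the single 192.168.0.0/24 client used before, every line would carry the shortname mynetwork, so the router and switch failures would land in one bucket and the targeted device could not be told apart.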