Hi!
How can I trap unauthorized access?
I want to write to syslog something like
"Authorization failed for user 'username'"
I mean to run Exec-Program for all failed authorizations.
I tried this config:
========================================================
DEFAULT	Auth-Type := System
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Fall-Through = Yes,
	Exec-Program-Wait = "/usr/local/bin/radauth"

DEFAULT	Framed-Protocol == PPP
	Idle-Timeout = 65535,
	Framed-MTU = 576,
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP,
	Fall-Through = Yes

### This default for unauthorized users.
DEFAULT	Auth-Type == Reject
	Exec-Program = "/usr/local/bin/radfault",
	Fall-Through = No
========================================================
But Radius says:
========================================================
rad_recv: Access-Request packet from host x.x.x.x:1740, id=249, length=162
User-Name = "mmike"
Password = "\010\215B\375\032\332\013>\361\324\246\233-\003\370\r"
NAS-IP-Address = x.x.x.x
NAS-Port = 20109
NAS-Port-Type = Async
Service-Type = Login-User
Calling-Station-Id = "00000000"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = ISDN-Telephony
Ascend-Calling-Id-Presentatn = Allowed
Ascend-Calling-Id-Screening = User-Not-Screened
Acct-Session-Id = "367234457"
Ascend-Data-Rate = 33600
Ascend-Xmit-Rate = 31200
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 232
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found auth-type System
auth: type "System"
modcall: entering group authenticate
HASH: user mmike found in hashtable bucket 35731
modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Sending Access-Reject of id 249 to x.x.x.x:1740
========================================================
radfault is not being called :(
How can I do this?
Thanks!
Michael.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html