Found an interesting thing today... I've switched totally over to freeradius after putting it off for months. Things are working fine. I authenticate (for the most part) out of a MySQL database, with a few users through a users file entry (for really strange replies like routing down subnets and such).
The interesting thing I came across was this -- When someone logs in with an invalid username and password, most of the time I do not get a radius.log entry stating that an invalid pair was used. If I didnt get the entry EVER, then I would suspect something in my configuration. But it happens on occasion..
I've checked my radiusd.conf file, and I think I have it setup right for logging...
log_stripped_names = yes
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = noIt's helpful for us to be able to see what people are typing in for their password so we can tell if they have their caplocks on or some such... At this point, we not only do not see invalid logins usually, but we also of course dont see the incorrect password most of the time.
Any thoughts as to why FreeRadius could be sort of erratic about logging bad logins?
Thanks, Brad
P.S. - FreeRadius is great. It's so nice being able to work directly with a MySQL back-end. I was used to Cistron before, using flat files for all authentication. We had a bunch of scripts written to manage the users file, but on occasion the script used to choke and mess up the file by adding an extra line or some such... Now with MySQL, I feel much safer. Thanks for the nice software.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
