On Sun, Jun 20, 2004 at 03:54:28PM +0200, Stephan von Krawczynski wrote:
> On Sun, 20 Jun 2004 23:25:01 +1000
> [EMAIL PROTECTED] (Paul Hampson) wrote:
>
> > On Sun, Jun 20, 2004 at 02:42:52PM +0200, Stephan von Krawczynski wrote:
> > > this is possibly a very simple question, but browsing through the list and
> > > FAQs I could not find any hints.
> > > How can you write the information auth_log produces in a logfile to sql
> > > instead_without_ doing authentication via sql?
> > > You can't simply write "sql" into the "authorize" section, because it will
> > > try to authorize, right?
> >
> > You're after the post-auth SQL query. Edit it and the table to record
> > what you want to see, and then put sql in your post-auth section, in the
> > appropriate Post-Auth-Type section if relevant.
> >
> > You'll have to be using 1.0 or 1.1 series FreeRADIUS to have this.
>
> Hello Paul,
>
> Thanks for this hint.
> The problem with this solution is (as far as I can see):
>
> # Post-Authentication
> # Once we KNOW that the user has been authenticated, there are
> # additional steps we can take.
> post-auth {
>
> This means it does not get called if authentication failed, correct?
That probably should read "Once we KNOW that the user has been
authenticated or not,"
> Contrary "auth_log" gets called for every authentication-request, no matter if
> failing or succeeding later on. This may be important while debugging user
> login problems. It would not help a lot if you could only see the working
> cases...
> Any additional thoughts?
> Stephan
If you look further down, you'll see the stanza that gets called if the
request is rejected, under "Post-Auth-Type REJECT". Put sql in there
as well as in the main stanza (directly above this one) and it'll get
called on both accept and reject. From memory, the default Post-Auth
SQL query logs Accept or Reject as well as time and username.
--
Paul "TBBle" Hampson, on an alternate email client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
