>I am using FreeRADIUS 2.0.5. Successful logins into Cisco routers are
>logged great (using Accounting), but I need to log also the failed
>attempts. In /var/log/radius.log radius does log the failed attempts,
>BUT if in clients.conf I have created client as 10.0.0.0/8 (a network,
>not a host), then in the log file I will see the NAS IP address
>10.0.0.0/8, which is not enough. I need to see the exact NAS IP address.
>It would be insane to add every single router into the clients.conf
>file, so I assume there is a way to solve this.
>

Logging failed attempts is a very bad idea. You are opening yourself to
a denial of service attack.

You can list perl in Post-Auth-Type REJECT and log Client-IP-Address to
radius.log from perl. The linelog module probably works in post-auth as well.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
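
A sketch of the rlm_perl approach suggested in the reply above, added here as an example and not taken from the original thread or from the FreeRADIUS project. It assumes the script is the one loaded by the perl module listed in Post-Auth-Type REJECT, that Client-IP-Address is visible in %RAD_REQUEST (it falls back to NAS-IP-Address otherwise), and the per-source cap, which addresses the log-flooding concern, is a constructed value.

```perl
# Added example: reject logger for rlm_perl (FreeRADIUS 2.x).
use strict;
use warnings;

# rlm_perl fills these hashes before it calls the handler functions.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

use constant RLM_MODULE_OK => 2;    # return code, as in the stock example.pl
use constant L_AUTH        => 2;    # radlog level, as in the stock example.pl

# Constructed limits. State is kept per Perl interpreter, so the cap is
# approximate when rlm_perl runs several interpreter clones.
my $MAX_PER_MINUTE = 20;       # reject lines logged per source per minute
my $MAX_SOURCES    = 10_000;   # bound on tracked sources (memory safety)
my %seen;                      # source => [window_start, count]

# Replace non-printable bytes so a crafted User-Name cannot forge log lines.
sub clean {
    my ($v) = @_;
    $v = 'unknown' unless defined $v && length $v;
    $v =~ s/[^\x20-\x7e]/?/g;
    return substr($v, 0, 64);
}

sub post_auth {
    # Assumption: Client-IP-Address is present in the request hash.
    my $client = clean($RAD_REQUEST{'Client-IP-Address'});
    my $nas    = clean($RAD_REQUEST{'NAS-IP-Address'});
    my $user   = clean($RAD_REQUEST{'User-Name'});
    my $src    = $client ne 'unknown' ? $client : $nas;

    my $now = time;
    %seen = () if keys(%seen) > $MAX_SOURCES;
    my $slot = $seen{$src} ||= [$now, 0];
    @$slot = ($now, 0) if $now - $slot->[0] >= 60;   # start a new window

    my $n = ++$slot->[1];
    if ($n <= $MAX_PER_MINUTE) {
        radiusd::radlog(L_AUTH,
            "Login rejected: user=[$user] client=$client nas=$nas");
    } elsif ($n == $MAX_PER_MINUTE + 1) {
        radiusd::radlog(L_AUTH,
            "Login rejected: further rejects from $src suppressed this minute");
    }
    return RLM_MODULE_OK;   # the reject itself is already decided
}

1;
```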
