> Could you please summarize what you did to log the output from > ntlm_auth and MS_CHAP-Error?
Sure. I should mention that other options are available now that didn't exist when I created the solution below... I have a PERL script that runs during authorize that obtains user/group or machine/container permissions for the NAS in question from XML files to determine whether the entity is authorized and it creates a Log-Data reply attribute containing all non-sensitive request attributes. This is then written to syslog during post-auth by another PERL script. Our help desk and others use a .Net application that I wrote to display/filter the data from the current or past log files in a grid control. The log contains specifics of the request, authorization and authentication results/messages and reply attributes. Does that answer your question? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html