On 03/08/2012 04:44 PM, Morris, Andi wrote:
> I’m trying to trace an access attempt that occurred today so that I can
> categorically say to a user that you were successfully connected to our
> network, or not, whatever the case may be. However I’m struggling to
> create a chain of events by going through the logs.
>
> I can see by grepping the logs in the radacct folder that the user sent
> the access-request. The results are in both the auth-detail and the
> pre-proxy-detail logs. From there I can see in my internal radius
> servers that the access was accepted, but I cannot find any reference to
> the user, or any of the incoming conversation in the outgoing logs
> like post-proxy, or reply. I was hoping I’d see a reference to the
> username and Access-Accept or similar.

Well, is the server set up to log auth responses?

post-auth {
  ...
  detail
  ...
}

?


> Can someone please help me out by letting me know if there is one common
> string that will help me trace one request incoming and outgoing?

Not really. For example:

Fri Mar  9 00:06:17 2012
        Packet-Type = Access-Accept
        Class = 0x77...
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x23...
        MS-MPPE-Recv-Key = 0x2b...
        EAP-Message = 0x03090004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "mmm"

Note there's not much here; nothing which will tell you what the corresponding request is. You can possibly GUESS, based on the reply User-Name (if present - EAP only, typically) and the fact that, probably (hopefully) your detail files are per-NAS.

On that topic; I do occasionally wonder if it wouldn't make sense for "detail" files to have an unambiguous item tying the request to a reply, because it can be tricky at times, especially on a busy NAS.

        FreeRADIUS-Correlation-Id = 192.0.1.1-3253523-1

Hmm. I bet you can do that with unlang; interesting...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
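The guess described in the reply above (pair a logged reply with a request by the reply's User-Name), written out as an added Python example that is not part of the original message or of FreeRADIUS. The sample records, the 5-second window and the function names are assumptions made for illustration; the record layout follows the reply entry quoted in the message.

```python
from datetime import datetime, timedelta

# Constructed sample records in detail-file layout (not taken from the thread).
REQUESTS = """\
Fri Mar  9 00:06:16 2012
    User-Name = "mmm"
    NAS-IP-Address = 192.0.2.10

Fri Mar  9 00:06:20 2012
    User-Name = "bob"
    NAS-IP-Address = 192.0.2.10

Fri Mar  9 00:06:21 2012
    User-Name = "bob"
    NAS-IP-Address = 192.0.2.11
"""
REPLIES = """\
Fri Mar  9 00:06:17 2012
    Packet-Type = Access-Accept
    User-Name = "mmm"

Fri Mar  9 00:06:22 2012
    Packet-Type = Access-Accept
    User-Name = "bob"

Fri Mar  9 00:06:23 2012
    Packet-Type = Access-Reject
"""

def parse_detail(text):
    """Return [(timestamp, {attr: value})]; a repeated attribute keeps its last value."""
    records = []
    for block in text.strip().split("\n\n"):
        head, *body = block.splitlines()
        ts = datetime.strptime(" ".join(head.split()), "%a %b %d %H:%M:%S %Y")
        pairs = (line.partition("=") for line in body)
        records.append((ts, {k.strip(): v.strip().strip('"') for k, _, v in pairs}))
    return records

def correlate(requests, replies, window=timedelta(seconds=5)):
    """Guess each reply's request: same User-Name, logged up to `window` earlier."""
    out = []
    for r_ts, reply in replies:
        user = reply.get("User-Name")
        nas = [q.get("NAS-IP-Address") for t, q in requests if user
               and q.get("User-Name") == user and timedelta(0) <= r_ts - t <= window]
        verdict = {0: "unmatched", 1: "matched"}.get(len(nas), "ambiguous")
        out.append((reply.get("Packet-Type"), user, verdict, nas))
    return out
```

The "ambiguous" and "unmatched" verdicts are the cases the reply warns about: several requests for one user inside the window (a busy NAS, or detail files that are not per-NAS), and replies that carry no User-Name at all.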
