All, I have noticed a behaviour in the logging and I'm not sure if it is misconfiguration on my part, misunderstanding of the expected behaviour or a bug. If I attempt to log in using EAP-MSCHAPv2 inside of an eap method (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of the result of the inner EAP. e.g:
Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel) Thu Dec 6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel) Thu Dec 6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from client pepsi port 0 cli 02-00-00-00-00-01) This means if I have a user with a bad password I get the following in the log: Thu Dec 6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 cli 02-00-00-00-00-01 via TLS tunnel) As the mschap module is waiting for the user to re-enter their password eventual it times out. Therefore this is the only entry in the log. Which is somewhat confusing, as it has actually failed but the only log entry is "Login OK". Has anyone else noticed this behaviour? or have I configured something wrong? Regards Scott Armitage
signature.asc
Description: Message signed with OpenPGP using GPGMail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html