Hello Tuure,

Works like a charm.. thanks a lot! Never even considered authlog .. my bad :|

Regards,
Patrik Forsberg

> -----Original Message-----
> From: Tuure Vartiainen [mailto:[email protected]]
> Sent: den 28 mars 2017 12:15
> To: Patrik Forsberg <[email protected]>
> Cc: [email protected]
> Subject: Re: [RADIATOR] Feature request of sort: client, nas and proxy IP for Blacklisted users ?
>
> Hello,
>
> > On 27 Mar 2017, at 15:02, Patrik Forsberg <[email protected]> wrote:
> >
> > I am using the Blacklist feature to block the most commonly used "bad"
> > users so they won't even get into the password routine but trying to figure
> > out from which router/NAS the login attempt was done is a hassle today with
> > having to up the trace and filter through the debug log. Would it be possible
> > to add NAS IP, Client IP and possibly the Proxy(if one was used) IP to the log
> > message ?
> > "Access rejected for 888888: Blacklisted" is sort of anonymous ..
> >
>
> you can define FailureFormat configuration option for AuthLog where you
> can include wanted variables.
>
> https://www.open.com.au/radiator/ref/SpecialCharacters.html#SpecialCharacters
>
> Example config
>
> # AuthLog FILE
> <AuthLog FILE>
>     Identifier My-AuthLog-File
>
>     # Log accepts
>     LogSuccess 1
>     # Log format for accept
>     SuccessFormat %l ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
>
>     # Log failures
>     LogFailure 1
>     # Log format for failures
>     FailureFormat %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
>
>     # Auth log file
>     Filename %L/auth-%Y-%m-%d.log
> </AuthLog>
>
> # Default Handler
> <Handler>
>     Identifier My-Default-Handler
>
>     # Blacklist
>     AuthBy AuthBy-Blacklist
>
>     # Actual authentication
>     AuthBy ...
>
>     # AuthLog to be used
>     AuthLog My-AuthLog-File
> </Handler>
>
>
> Logging used RADIUS proxy requires using ReplyHook and NoReplyHook to
> include proxy’s address in a request or reply.
>
> https://www.open.com.au/radiator/ref/ReplyHook.html#ReplyHook
> https://www.open.com.au/radiator/ref/NoReplyHook.html#NoReplyHook
>
>
> Example for AuthBy RADIUS
>
> ReplyHook sub { ${$_[2]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[3]}->{SendTo}))[1] ); }
> NoReplyHook sub { ${$_[0]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[1]}->{SendTo}))[1] ); }
>
> and then you can use %{Request:OSC-Last-Proxy-Address} in AuthLog’s
> SuccessFormat and FailureFormat directives.
>
>
> Logging a failure for a proxied request which was never replied requires
> Radiator 4.17 which includes NoReplyReject config option
>
> https://www.open.com.au/radiator/ref/NoReplyReject_AuthByRADIUS.html#NoReplyReject_AuthByRADIUS
>
>
> BR
> --
> Tuure Vartiainen <[email protected]>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://lists.open.com.au/mailman/listinfo/radiator
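
An added example, not part of the original thread and not Radiator code: a small Python parser for auth log lines written with the FailureFormat/SuccessFormat quoted above, which groups rejects by source so the router/NAS behind repeated rejected logins is visible without raising the trace level. The function names, the threshold, the assumed timestamp form for %l and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout of the FailureFormat/SuccessFormat quoted in the thread:
#   %l REJECT|ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
# Assumption: %l (timestamp) is everything before the ACCEPT/REJECT keyword.
LINE_RE = re.compile(
    r"^(?P<ts>.*?)\s+(?P<result>ACCEPT|REJECT)\s+"
    r"user=(?P<user>.*?)\s+from=(?P<src>\S*)\s+nas=(?P<nas>\S*)\s+"
    r"client=(?P<client>.*)$"
)

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE_LOG = """\
Tue Mar 28 12:15:01 2017 REJECT user=888888 from=192.0.2.10 nas=198.51.100.1 client=0401234567
Tue Mar 28 12:15:03 2017 REJECT user=admin from=192.0.2.10 nas=198.51.100.1 client=0401234567
Tue Mar 28 12:15:09 2017 ACCEPT user=alice from=192.0.2.20 nas=198.51.100.2 client=0407654321
Tue Mar 28 12:15:12 2017 REJECT user=root from=192.0.2.10 nas=198.51.100.1 client=
this line is truncated REJECT user=
Tue Mar 28 12:16:40 2017 REJECT user=bob smith from=192.0.2.20 nas=198.51.100.2 client=0407654321
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def rejects_by_source(lines):
    """Return (reject counts, rejected user names, unparsable line count) per (from, nas)."""
    counts, users, skipped = defaultdict(int), defaultdict(set), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep a count instead of silently dropping lines
            continue
        if rec["result"] == "REJECT":
            key = (rec["src"], rec["nas"])
            counts[key] += 1
            users[key].add(rec["user"])
    return counts, users, skipped

def noisy_sources(lines, min_users=3):
    """Sources whose rejects span at least min_users distinct user names."""
    counts, users, _ = rejects_by_source(lines)
    return sorted(k for k in counts if len(users[k]) >= min_users)
```

The user name is supplied by the connecting client, so a name that itself contains ` from=` would shift the fields this regex extracts; treat the parsed values as untrusted input when feeding them to other tools.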
