On 12 Jul 2013, at 23:31, kyle woock wrote:
> Freradius Users,
>
> I have installed FreeRadius on CentOS 6.4 in VMWare environment and I am
> pretty new to using something like FreeRadius. However I have it on my
> virtual machine and it is running I am able to authenticate against my Cisco
On Mon, 2012-09-03 at 12:57 +0200, Alan DeKok wrote:
> John Horne wrote:
> > Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
> > about the socket command file. A snippet shows:
> >
> >
> > Mon Sep 3 11:12:41 2012 : Info: ... addin
John Horne wrote:
> Using FreeRadius 2.1.10, I am seeing a lot of logged 'Info' messages
> about the socket command file. A snippet shows:
>
>
> Mon Sep 3 11:12:41 2012 : Info: ... adding new socket command
> file /var/run/radiusd/radiusd.sock
...
> A
A bit of radsniff and even raddebug (just capturing accounting packets) via
radmin might be enough to capture the badness they are sending?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Candler wrote:
> The reason: vendors have bugs in their accounting implementations, and we
> want to be able to show them the original raw packets to prove it's not our
> accounting collectors which are mis-interpreting the data.
My $0.02 is that you should name && shame the vendors. This
> There's no module to do this. There are very few reasons to do this,
> IMHO.
The reason: vendors have bugs in their accounting implementations, and we
want to be able to show them the original raw packets to prove it's not our
accounting collectors which are mis-interpreting the data.
The pr
Brian Candler wrote:
> I would like to put accounting logs into some sort of database, but store
> the entire raw binary packet as well as some decoded attributes.
I'd suggest using tcpdump for raw packets.
> I can think of plenty of options for the storage: e.g. mysql Blob column,
> CouchDB bi
Hi Alan
Thanks for the quick reply. I believe I've accomplished what I wanted to do.
I've set 'auth' to undefined in the log{} section of radiusd.conf, created
another instance of the linelog module called linelog_REJECT in which I set the
reference to "%{reply:Packet-Type}", and then added 'l
Ian Ehrenwald wrote:
> Hello
> I am using FreeRADIUS 2.1.9-3 on CentOS 6.0. I am sending all syslog output
> to a remote rsyslog server (and have local1.* assigned to RADIUS in
> rsyslogd.conf). I want to log only auth failures, not successful logins. Is
> there an easy way to do this? I don
Yes, look at the linelog module
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
vazoumana fofana wrote:
> I enable accounting on freeradius server. I see logs are stored under
> repository wich contains the ip of controller.
You mean the "detail" files.
> Is it possible to change this and specify an other name ?
Yes. See raddb/modules/detail
That's why the configura
Mika wrote:
> Hello.
> I am running 2.1.10. Is it possible to log to files and syslog (both)?
No. Use something like rsyslog to send logs to multiple destinations.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mark Holmes wrote:
> I'm looking at having freeradius log accounting information to an MS-SQL
> database on our centralised logging box.
This shouldn't be a problem. The ODBC layer works.
> Googling returns a lot of pages on this. I had a look in at them but many
> relate to freeradius 1.
Phil Mayers wrote:
> > When rlm_sql is running through each of a user's groups, the value
> > %{SQL-Group} is set for each iteration. However it's cleared at the end.
>
> I assume you're talking about the "authorize" method where it searches
> radgroupcheck/radgroupreply, rather than:
>
> if (SQL
On 23/02/11 13:31, Brian Candler wrote:
When rlm_sql is running through each of a user's groups, the value
%{SQL-Group} is set for each iteration. However it's cleared at the end.
I assume you're talking about the "authorize" method where it searches
radgroupcheck/radgroupreply, rather than:
Kristoffer Milligan wrote:
> This data is good to give me an idea of how many access rejects I am
> getting, but I have no clue from what usernames they are coming, nor WHY
> they were rejected. I know that the username in the inner tunnel is
> plaintext as well, meaning it looks like i.e kristof..
Robert White wrote:
> OK so I used TCPDUMP and it seems that the log is not incorrect...
> Radius is only sending the access-accept and nothing else. It should be
> sending other attributes but it is not.
So... what does the debug output say?
> However, the attributes are
> included in my mai
OK so I used TCPDUMP and it seems that the log is not incorrect... Radius is
only sending the access-accept and nothing else. It should be sending other
attributes but it is not. However, the attributes are included in my main
dictionary file (dictionary.wisp and dictionary.chillispot) - that sho
> Could you please share the perl scripts and the corresponding
> configuration in radiusd.conf like authorize and post-auth section
> related to these logs?
Unfortunately, I would need to get a release from my company as the code
belongs to them. I cannot post it at this time. You may want to
Thanks.
Could you please share the perl scripts and the corresponding
configuration in radiusd.conf like authorize and post-auth section
related to these logs?
Schilling
On Wed, Nov 10, 2010 at 10:04 PM, Garber, Neal
wrote:
>> Could you please summarize what you did to log the output from
>>
> Could you please summarize what you did to log the output from
> ntlm_auth and MS_CHAP-Error?
Sure. I should mention that other options are available now that didn't exist
when I created the solution below...
I have a PERL script that runs during authorize that obtains user/group or
machin
Hi,
Could you please summarize what you did to log the output from
ntlm_auth and MS_CHAP-Error? Even with configuration snippet will be
greatly appreciated!
Thanks,
Schilling
On Wed, Sep 8, 2010 at 5:02 PM, Garber, Neal
wrote:
>> Hmm... OK. The issue appears to be that the tunneled reply is
> Uh... eapol-test supports TTLS. See the FreeRADIUS source:
> src/tests/eap-ttls-*.conf
Ugh.. I should have checked the doc. I should be able to do the TTLS change
independently (i.e., you can ignore the post to the devel list related to
this). Thanks for enlightening me :-)
-
List info/su
John Horne wrote:
> We don't have that exact scenario, but, for whatever reason, we were
> seeing the home servers being marked dead/zombie extremely frequently -
> usually every few minutes.
Network packet loss, etc. ...
> With the later git version (dated 1 September in the changelog file) we
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We have been running 3 servers with 2.1.10 (taken from git a while ago)
>
> The proxy change went in August 4.
>
> > for some time with no problems. They act as a proxy, receiving requests
> > from wireless lan control
Garber, Neal wrote:
> You are a gentleman and a scholar! I have made the changes as you suggested
> for PEAP and tested PEAP-MSCHAPv2. It works! I am now able to log the
> output from ntlm_auth and MS-CHAP-Error. I'm also excited about the improved
> TLS logging in 2.1.10.
:)
> I will ad
> Hmm... OK. The issue appears to be that the tunneled reply is saved
> for Access-Accept, but not Access-Reject.
> See "accept_vps" in rlm_eap_peap/*. Something similar needs to be
> done for reject, and for TTLS.
You are a gentleman and a scholar! I have made the changes as you suggested
for
Garber, Neal wrote:
> I just cloned and built the latest 2.1.10 to do some testing. I did a
> PEAP-MSCHAPv2 authentication, with bad credentials, using eapol_test. What I
> found seems to indicate the problem I was referring to still exists in 2.1.10
> (probably because I wasn't clear enough i
> IIRC, it was to remember replies better. When the inner tunnel
> returns accept and the outer sends a challenge... remember the
> accept for later.
I just cloned and built the latest 2.1.10 to do some testing. I did a
PEAP-MSCHAPv2 authentication, with bad credentials, using eapol_test. Wha
> I'll take a look...
Thanks.
> I'd like to get some feedback on the pre-release of 2.1.10,
> especially the changes to the proxy code.
I'll download the latest 2.1.10 tomorrow; unfortunately, I won't have a chance
to test it until next week. Also, we don't use proxying, at the moment, but I
On Tue, 2010-09-07 at 22:26 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We have been running 3 servers with 2.1.10 (taken from git a while ago)
>
> The proxy change went in August 4.
>
Ah. Our versions date back to June. I'll see about upgrading them to a
later 2.1.10 version. (Hopefully t
John Horne wrote:
> We have been running 3 servers with 2.1.10 (taken from git a while ago)
The proxy change went in August 4.
> for some time with no problems. They act as a proxy, receiving requests
> from wireless lan controllers and (mostly) proxying them on to MS IAS.
> Is there any partic
On Tue, 2010-09-07 at 21:19 +0200, Alan DeKok wrote:
>
> I'd like to get some feedback on the pre-release of 2.1.10, especially
> the changes to the proxy code.
>
We have been running 3 servers with 2.1.10 (taken from git a while ago)
for some time with no problems. They act as a proxy, receivin
Garber, Neal wrote:
>> Fixed in 2.1.9.
>
> Great (I guess missed that in the change log). Was the change to eliminate
> the extra round trip?
IIRC, it was to remember replies better. When the inner tunnel
returns accept and the outer sends a challenge... remember the accept
for later.
> If
> Fixed in 2.1.9.
Great (I guess missed that in the change log). Was the change to eliminate the
extra round trip? If so, would you accept a patch to set
Module-Failure-Message upon failure of ntlm_auth in rlm_mschap (as was
originally implemented in the fix for bug 398 in v1.1.4)?
Thanks Al
Garber, Neal wrote:
>> but it seems the next packet sent is a Challenge, not reject/accept.
>> Therefore the message does not persist until reject/accept time.
>
> Hmm.. It seems I've heard that before:
>
> http://lists.cistron.nl/pipermail/freeradius-users/2009-August/msg00326.html
Fixed in
> but it seems the next packet sent is a Challenge, not reject/accept.
> Therefore the message does not persist until reject/accept time.
Hmm.. It seems I've heard that before:
http://lists.cistron.nl/pipermail/freeradius-users/2009-August/msg00326.html
-
List info/subscribe/unsubscribe? See
--On Tuesday, September 07, 2010 14:11:42 +0100 Sion
wrote:
On Tue, Sep 7, 2010 at 8:45 AM, Alan DeKok
wrote:
Sion wrote:
On Mon, Sep 6, 2010 at 12:54 PM, Alan DeKok
wrote:
Sion wrote:
I've also tried outer.reply, but I'm still not seeing it show up in
my logs.
And the debug log s
On Tue, Sep 7, 2010 at 8:45 AM, Alan DeKok wrote:
> Sion wrote:
>> On Mon, Sep 6, 2010 at 12:54 PM, Alan DeKok
>> wrote:
>>> Sion wrote:
I've also tried outer.reply, but I'm still not seeing it show up in my
logs.
>>> And the debug log says... ?
>
> Just set "use_tunneled_reply =
Sion wrote:
> On Mon, Sep 6, 2010 at 12:54 PM, Alan DeKok wrote:
>> Sion wrote:
>>> I've also tried outer.reply, but I'm still not seeing it show up in my logs.
>>And the debug log says... ?
Just set "use_tunneled_reply = yes"
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www
On Mon, Sep 6, 2010 at 12:54 PM, Alan DeKok wrote:
> Sion wrote:
>> I've also tried outer.reply, but I'm still not seeing it show up in my logs.
>
> And the debug log says... ?
rad_recv: Access-Request packet from host 192.168.196.13 port 32768,
id=113, length=175
User-Name = "cc0086"
Sion wrote:
> I've also tried outer.reply, but I'm still not seeing it show up in my logs.
And the debug log says... ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Fri, Sep 3, 2010 at 10:30 PM, Alan DeKok wrote:
> Sion wrote:
>> This had actually crossed my mind but I had tried testing this in the
>> post-auth section as well.
>>
>> What section should I do this in? Would something like this work?
>>
>> update outer {
>> MS-CHAP-Error = "%{
Sion wrote:
> This had actually crossed my mind but I had tried testing this in the
> post-auth section as well.
>
> What section should I do this in? Would something like this work?
>
> update outer {
>MS-CHAP-Error = "%{reply:MS-CHAP-Error}"
> }
You need to refer to a *list*:
On Fri, Sep 3, 2010 at 4:25 PM, Alan DeKok wrote:
> Sion wrote:
>> That was one of the first things I did after reading the debug output
>> originally - I've got 'linelog' in the post-auth section of the
>> "inner-tunnel" in addition to the "default" virtual server.
>
> The post-auth section of "
Sion wrote:
> That was one of the first things I did after reading the debug output
> originally - I've got 'linelog' in the post-auth section of the
> "inner-tunnel" in addition to the "default" virtual server.
The post-auth section of "inner-tunnel" isn't used, unfortunately.
> If I take
> li
On Fri, Sep 3, 2010 at 3:32 PM, Alan DeKok wrote:
> Sion wrote:
>> Still no luck I'm afraid. Here's the output of radiusd -X in case it helps:
>
> Reading it helps.
>
> The MS-CHAP-Error is in the "inner-tunnel" virtual server. You are
> trying to log it in the "default" virtual server.
That w
Sion wrote:
> Still no luck I'm afraid. Here's the output of radiusd -X in case it helps:
Reading it helps.
The MS-CHAP-Error is in the "inner-tunnel" virtual server. You are
trying to log it in the "default" virtual server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.fr
On Fri, Sep 3, 2010 at 12:58 PM, Alan DeKok wrote:
> Sion wrote:
>> That's what I thought, but it my linelog log it shows it being empty.
>
> The MS-CHAP-Error is in the reply.
>
>> I've tried putting 'linelog' in the post-auth sections of both the
>> default and inner-tunnel virtual servers but
Sion wrote:
> That's what I thought, but it my linelog log it shows it being empty.
The MS-CHAP-Error is in the reply.
> I've tried putting 'linelog' in the post-auth sections of both the
> default and inner-tunnel virtual servers but no joy. Am I missing
> something obvious here?
See the "Po
On Fri, Sep 3, 2010 at 11:47 AM, Alan DeKok wrote:
>
> Sion wrote:
> > I've got freeradius 2.1.7 setup on a CentOS system working as an AAA
> > server for our WPA Enterprise based wireless network with clients
> > successfully authenticating using PEAP and TTLS. Now to my question,
> > I've config
Sion wrote:
> I've got freeradius 2.1.7 setup on a CentOS system working as an AAA
> server for our WPA Enterprise based wireless network with clients
> successfully authenticating using PEAP and TTLS. Now to my question,
> I've configured linelog to log certain attributes but I also want it to
> l
Hi,
first, there is no such thing as "requesting that information" - a
RADIUS client sends a request, and it sends attributes as configured on
the client. There is no previous negotiation phase where the server
would tell "give me this piece of info".
However, there is some opportunity to h
Christian Rahl wrote:
> I would like this information to be added to the radius mysql in a
> separate table. This information would include MAC address, last IP, and
> if possible the last NAS IP. All I really need to know is how to get a
> script to run with the radius so that it requests that in
On Mon, 8 Mar 2010, Alan DeKok wrote:
The issue is that the response *might* be an Access-Challenge, or it
might be an Access-Reject. The final decision isn't made until after
all of the modules have been executed.
OK -- at least I haven't missed something.
But I don't see why you want t
Bob Franklin wrote:
> However, I can't seem to do this with locally-handled packets -- I have
> 'post-auth' which runs for 'Access-Accept' and (optionally, through
> 'Post-Auth-Type REJECT'), 'Access-Reject'. But I would like to be able
> to log the intermediate 'Access-Challenge' packets.
>
> Pu
James Devine wrote:
> Is there a way to enable full debugging while still having it write to
> the log file and not push into the foreground?
$ man raddebug
It requires 2.1.7 or 2.1.8 (IIRC).
> We are seeing radius
> packets coming in that I can locate via tcpdump but not via the logs.
> We h
I have read this document. It is asking me to add something like this to my
users.conf file. I don't understand. What group do I use? Is it asking me for a
local group or an eDirectory group?
DEFAULT Group == "staff", Simultaneous-Use := 4 Fall-Through = 1 DEFAULT Group
== "business", Simulta
J Brandon Polley wrote:
> My problem is that people can login more then once. In e-directory I
> have it set to only allow the user to login once. When they are logged
> into novell then try to login to FreeRadius it lets them in.
>
> How do I make FreeRadius see this rule in e-directory? Is it e
--- original message ---
From: "Alan DeKok"
Subject: Re: Logging From where?
Date: 03rd December 2009
Time: 6:52:27
as alan has said, latest versions can have custom log - theres also line_log
module - NAS-IP-Address is your friend .old version? Well, what your're after
is/can
freerad...@corwyn.net wrote:
> Everything is all running well. Currently when a user logs in I get this
> in the log:
>
>
> Wed Dec 2 17:09:32 2009 : Auth: Login OK: [rsteeves] (from client Cisco
> port 2 cli 10.20.31.17)
>
> Is it possible to also have freeradius log where I was logging into i
At 05:29 PM 12/2/2009, t...@kalik.net wrote:
Client is where user is logging into, cli is where user is logging from.
Give more distinctive shortnames to clients.
Hmm. I was using a client group for a subnet.
client Cisco {
ipaddr = 10.100.0.0
netmask = 16
secret = j
> Wed Dec 2 17:09:32 2009 : Auth: Login OK: [rsteeves] (from client
> Cisco port 2 cli 10.20.31.17)
>
> Is it possible to also have freeradius log where I was logging into
> in addition to where I logged in from?
Client is where user is logging into, cli is where user is logging from.
Give more d
> 1.
> Yes correct only in two places, it works. Thanks!
>
> 2.
> Great this works! I put this is "authorize" section.
>
> 3.
> It does not log NAS-Ip address because this is included as reply
> attribute.
> Should I update reply in the similar way as User-Name?
Yes. Add it to same update section.
Yes this works!
I need to put perl module in 2 places in "post-auth" section
1st time near "reply_log"
and
2nd time
Post-Auth-Type REJECT {
reply_log
custom_module
attr_filter.access_reject
}
Thanks a lot
Alan Buxey wrote:
>
> Hi,
>
>
Thanks a lot Ivan
1.
Yes correct only in two places, it works. Thanks!
2.
Great this works! I put this is "authorize" section.
3.
It does not log NAS-Ip address because this is included as reply attribute.
Should I update reply in the similar way as User-Name?
Is this recommendation preferre
> What we need is logging all the real FINAL messages that RADIUS sends to
> the
> client Access-Rejects/Access-Accept in one line with simple detail about
> NAS
> and UserName:
>
> Something like:
> Time,Access-Reject(or Accept),NAS-IP-Address,User-Name
>
>
> I looked into "modules/detail.log" mod
Hi,
slap perl into the post-auth section, configure a PERL module
(post-auth section of the module) to open file, print the bits
you need and then close the file. that file will be
nicely populated with what you need.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/user
Ian Chard wrote:
> I also want to have a syslogged record of each login attempt, which I
> can do, but I can't figure out how to log the client's IP address
> without having to specify every client individually in freeradius's
> config. As it is, I just get
>
> Login OK: [username] (from client b
On 25/08/09 10:39, Alan Buxey wrote:
Hi,
If modifying the linelog isn't possible then I like the sound of this.
Is there some documentation on the dynamic_clients option? I can't seem
to find any reference to it on freeradius.org.
$site_config/raddb/sites-available/dynamic-clients
(one of m
Hi,
> If modifying the linelog isn't possible then I like the sound of this.
> Is there some documentation on the dynamic_clients option? I can't seem
> to find any reference to it on freeradius.org.
$site_config/raddb/sites-available/dynamic-clients
(one of many cases where the feature is
On 25/08/09 09:50, Alan Buxey wrote:
[Ian Chard wrote:]
I also want to have a syslogged record of each login attempt, which I
can do, but I can't figure out how to log the client's IP address
without having to specify every client individually in freeradius's
config. As it is, I just get
Login
Hi,
> I'm experimenting with using freeradius 2.0.4 to authenticate
> administrative access to network equipment. If I deploy it then I'll
> end up with well over a hundred clients, so I'd like to describe the
> entire address range in a single 'client' block.
okay - just a big range will
19/09, Jonathan Gazeley wrote:
From: Jonathan Gazeley
Subject: Re: logging in bit or
To: freeradius-users@lists.freeradius.org
Date: Wednesday, August 19, 2009, 8:50 PM
On 08/19/2009 09:45 AM, ganesh
nagpure wrote:
Hi,
Hi Ganesh,
Is there any way to change the follo
user should
disconnect from BRAS i.e 7206 .
Is it possible to do that?
BR
Ganesh
--- On Wed, 8/19/09, Jonathan Gazeley wrote:
> From: Jonathan Gazeley
> Subject: Re: logging in bit or
> To: freeradius-users@lists.freeradius.org
> Date: Wednesday, August 19, 2009, 8:50 PM
> On 0
On 08/19/2009 09:45 AM, ganesh nagpure wrote:
Hi,
Hi Ganesh,
Is there any way to change the following thing fron octects to bytes or bits?
Octets are the same thing as bytes.
If i want information about uplink and downlink bit/Bytes how do i get this
information logged in radius log
Maximilian Grobecker wrote:
> I'm using FreeRadius for authenticating DSL users. Additional to the
> Input- and Output octets I would like to log the transferred packet
> count for the actual DSL session.
All of this data is generated by the NAS. If the NAS doesn't send the
data in an Accountin
> I'm using FreeRadius for authenticating DSL users. Additional to the
> Input- and Output octets I would like to log the transferred packet
> count for the actual DSL session.
> I need this information to generate statistics - and in past i got this
> information from another (not local) Radius se
Alan DeKok wrote:
>
> Augusto G. Andreollo wrote:
>> Hmm.. thing is, the post-auth sql query is already being processed, to
>> log the Access-Reject..
>
> Yes.. I know. But the return code from the LDAP module in the
> *authorize* section is lost by then.
>
>> Is there any other way I could e
Augusto G. Andreollo wrote:
> Hmm.. thing is, the post-auth sql query is already being processed, to
> log the Access-Reject..
Yes.. I know. But the return code from the LDAP module in the
*authorize* section is lost by then.
> Is there any other way I could extract the
> rejection reason fro
On Tue, 2009-03-17 at 10:11 +0100, Alan DeKok wrote:
> > My problem now is that it only returns correctly when the module returns
> > OK. If the LDAP returns anything else (fail, rejected, notfound), it
> > just completely skips over the IFs block and goes straight to Post-Auth.
> > Is that expect
Augusto G. Andreollo wrote:
> I must've been doing something wrong.. When I erased everything and
> retyped it again, it's now returning OK as given.
Weird... OK
> My problem now is that it only returns correctly when the module returns
> OK. If the LDAP returns anything else (fail, rejected, n
Ok, updating on my progress:
On Mon, 2009-03-16 at 14:28 -0300, Augusto G. Andreollo wrote:
> On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote:
> > Augusto G. Andreollo wrote:
> > >
> > > My problem now is getting the return code into the variable, according
> > > to the LDAP module results.
>
On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote:
> Augusto G. Andreollo wrote:
> >
> > My problem now is getting the return code into the variable, according
> > to the LDAP module results.
>
> It looks like it's working. What's the problem?
>
> > (and then it goes on to successfuly add t
Hi,
>if (rejected) {
are you sure sucha return code is available and
comparable in such a way? looks like 'rejected'
got matched...possibly because the check went okay -
a value of 0 - rejected isnt defined...has a value of
0 too? just a guess!
>
Augusto G. Andreollo wrote:
> I have the need to log the return code from the LDAP authentication to
> our database (I'm adding it to the postauth table scheme).
I wouldn't suggest doing that for EVERY packet. Why do you think it's
necessary?
> I've already modified the database scheme (ok), t
Jason Wittlin-Cohen wrote:
> When authenticating via PEAP or TTLS with an anonymous identity, the log
> shows both the anonymous identity and the real identity tunneled through
> the TLS tunnel. However, when TLS session resumption (caching) is
> enabled, only the anonymous identity is logged. This
Sorry for my previous email;)
I was meaning: %{control:Auth-Type}
In my configuration, I use two different auth-type, one for PAP, one
for MS-CHAP.
Regards,
Vincent
Vincent Magnin <[EMAIL PROTECTED]> a écrit :
Bonjour,
Avez-vous essayé d'utiliser %{Auth-Type} ?
Salutations,
Vincent Ma
Bonjour,
Avez-vous essayé d'utiliser %{Auth-Type} ?
Salutations,
Vincent Magnin
Richard Timsit <[EMAIL PROTECTED]> a écrit :
Alan DeKok a écrit :
You can use %{EAP-Type} to log the EAP type. It would best be done as
part of a post-auth section.
Ok, this works perfectly, thanks a lot !
Info like?
Ivan Kalik
Kalik Informatika ISP
Dana 3/12/2008, "Richard Timsit" <[EMAIL PROTECTED]> piše:
>Alan DeKok a écrit :
>
>>
>> You can use %{EAP-Type} to log the EAP type. It would best be done as
>> part of a post-auth section.
>>
>Ok, this works perfectly, thanks a lot !
>Is it cons
Alan DeKok a écrit :
You can use %{EAP-Type} to log the EAP type. It would best be done as
part of a post-auth section.
Ok, this works perfectly, thanks a lot !
Is it conseivable to retreive more info for EAP-TTLS or for some others
authentications methods, like PAP or CHAP for example ?
Richard Timsit wrote:
> Hello,
> i am using a Freeradius 2.1.1.
> I need logging authentication method by User-Name.
> I am trying using linelog module for this... but i don't know how to
> retrieve the information.
You can use %{EAP-Type} to log the EAP type. It would best be done
On Wed, 19 Nov 2008 16:37:22 -0600
Alan DeKok <[EMAIL PROTECTED]> wrote:
> > I have already asked this question a few years ago, but it still
> > seems to be impossible to log to stdout using Ubuntu's
> > Freeradius-1.1.7 (I have worked around it by using a fifo)
> >
> > Am I overlooking somethin
richard lucassen wrote:
> I have already asked this question a few years ago, but it still seems
> to be impossible to log to stdout using Ubuntu's Freeradius-1.1.7 (I
> have worked around it by using a fifo)
>
> Am I overlooking something or is logging to stdout still an issue with
> 1.1.7? (for
Ivan,
Thanks for your response. FreeRadisu is able to connect to the MySQL database
and write into the radacct table. However I am not ablle to set things up for
logging the VSA attributes into the database. How to edit the dialup.conf for
the VSA value logging. I edited the dialu
>I am facing difficulties in integrating MySQL and FreeRadius for the
>accounting. I have setup the mysql with a database named 'radius'. I have also
>defined a table 'rt_cdr1' which is to be used to store the CDRs that come in
>the accounting request. I add the following statements in radiusd.c
Arrigo Savio wrote:
> Hi everybody. I installed Freeradius 2.1.0 on a Fedora 9 server.
I suggest using 2.1.1, which was released last week.
> I'm trying to understand if is it possible to set the logging level in
> radius.log log file. Where can I set up a "radius -X like" level also in
> radiu
Thanks, that works.
Norbert Wegener
Alan DeKok schrieb:
Norbert Wegener wrote:
If fear not...
Hmm... if this is in the "authenticate" section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module
Norbert Wegener wrote:
> If fear not...
Hmm... if this is in the "authenticate" section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module is processed.
So if you have:
authenticate {
eap
If fear not...
eap {
invalid = 1
}
if (invalid) {
update reply {
Tmp-String-5="INVALID Certificate"
}
...
TL
1 - 100 of 196 matches
Mail list logo