On 10/18/2013 11:00 AM, Alan DeKok wrote:
Bertalan Voros wrote:
I have one question, I would like to log a message in radius.log when a
device is rejected based on its mac address.
I would like to put a message saying that the device was unauthorised
and the Calling-Station-Id into the radius.log logfile.
See the radiusd.conf, the "log" subsection. There are limited
possibilities for customizing the log messages.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I use a modified module for syslog based off "exec" for this type of
thing (on a UNIX system):
exec syslog-portauth {
wait = no
program = "/usr/bin/logger -p local3.info -t portauth switch
%{NAS-IP-Address} port %{NAS-Port-Id} %{NAS-Port} - User %{sql_start2:
select determineUserFromMac('%{User-Name}')} on MAC %{User-Name}
assigned to %{reply:Tunnel-Private-Group-Id}"
input_pairs = request
packet_type = Access-Accept
shell_escape = no
}
Granted, you might need to execute this on an Access-Reject but you can
log anything you want with that. I even grab some values from my
database (MySQL functions actually) to include in the log line.
- JohnD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
