'Re: Linelog and get rid of No Failure Reason'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Linelog and get rid of No Failure Reason
From:       Anatoliy <cphlpd () gmail ! com>
Date:       2023-08-03 7:10:58
Message-ID: CA+OC=N8dORzub5kBNO2oqFAJbge8Y-Ej8u1hBmFd88_Y4kkO_g () mail ! gmail ! com
[Download RAW message or body]

Hi , here is example how we log this ..
authorize {
        sql {
            notfound = 2
        }
        if( notfound ) {
            update reply {
                Reply-Message := "Username Not found"
            }
        }
}

    authenticate {
        Auth-Type PAP {
            pap {
                reject = 3
            }
            if (reject) {
                update reply {
                    Reply-Message := "Password Incorrect"
                }
            }
        }
    }

and log in port-auth
    post-auth {
        llog-auth-accept
        Post-Auth-Type REJECT {
            llog-auth-reject
        }
I use different schema for log accept and log reject.



On Thu, Aug 3, 2023 at 12:05 PM TS <h33927318@gmail.com> wrote:

> Hello,
> 
> I am trying to consolidate logs and have only one log file with all needed
> data in it.
> 
> This setup with Freeradius 3.2.3 with OpenLDAP 2.5.15.
> We are using EAP + MSCHAPv2, LDAP contains an attribute with NT Password.
> 
> I am trying to get rid of "No Failure Reason" value of
> "reply:Reply-Message" variable in cases where:
> 1. user not found in LDAP
> 2. user's password is incorrect
> 3. user has Phase1 (EAP/TLS/...) or Phase2 (MSCHAPv2/GTC/...)
> misconfigured.
> 
> I have pretty default configuration with small changes.
> I know I should modify Reply-Message but in which file and within which
> section(s)?
> 
> Snippet from my custom linelog:
> reference = "inner_auth_log.%{%{reply:Packet-Type}:-format}"
> 
> inner_auth_log {
> Access-Accept = "%d.%m.%Y@%H:%G|RESULT=OK
> 
> > USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown
> > 
> Caller Id}"
> Access-Reject =
> "%d.%m.%Y@
> %H:%G|RESULT=ERR|USER=%{User-Name}|WIFI_AP_IP=%{NAS-IP-Address}|CLIENT_MAC_ADDR=%{%{Calling-Station-Id}:-Unknown
>  Caller Id}|MSG=%{%{reply:Reply-Message}:-No Failure Reason}"
> }
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic