[RADIATOR] AuthLog
Hugh Irvine
hugh at open.com.au
Sat Nov 8 01:33:15 CST 2008
Hello Kadir -
Radiator only logs the overall result of the authentication in the
AuthLog clause.
In other words it is not possible to use AuthLog for the result of any
previous AuthBy clause(s).
regards
Hugh
On 7 Nov 2008, at 19:52, Kadir Saruhan wrote:
> Hi there,
>
>
> i have the radius service like following configuration. My case is
> that,
>
> In my configuration i have one "AuthBy GROUP" and there are two
> "AuthBy" clauses. If user get fail from the first AuthBy clause it
> will continue and will get success from second AuthBy clause. So
> users always will be connected but will be restricted in some cases.
> In this case it logs authentication failure like a "Fixed by
> AuthResult" but i want to log first Authentication Failure result
> (like "No such user" and "Bad password"). How can i do this ? How
> can i log first AuthBy clause result ?
>
> Best Regards
>
>
>
>
> <AuthLog FILE>
> Identifier logfile1
> Filename %D/authlogtest.log
> LogSuccess 1
> SuccessFormat '%Y.%m.%d %H:%M:%S', %2, OK, '%N'
> LogFailure 1
> FailureFormat '%Y.%m.%d %H:%M:%S', %2, %1, '%N'
> </AuthLog>
>
> <AuthBy SQL>
> Identifier mysql_test
> NoDefault
> DefaultSimultaneousUse 1
> DBSource dbi:mysql:hostname=xxx:yyy
> DBUsername aaaa
> DBAuth bbbbb
>
> AuthSelect select PASSWORD,CHECKATTR,REPLYATTR from
> SUBSCRIBERS where USERNAME='%n'
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
>
> </AuthBy>
>
> <AuthBy INTERNAL>
>
> Identifier all_accept
> DefaultSimultaneousUse 1
> AuthResult ACCEPT
> AddToReply cisco-avpair = "ip:addr-pool=UNPOOL", \
> cisco-avpair = "ip:l4redirect=redirect list 199 to group
> SRPORTAL"
>
> </AuthBy>
>
> <Realm DEFAULT>
>
> SessionDatabase SDB1
>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> DefaultSimultaneousUse 1
> AuthBy mysql_test
> AuthBy all_accept
> </AuthBy>
>
> AuthLog logfile1
>
> </Realm>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list