Bug #6928

FreeRADIUS: logging of "Access-Reject" does not work in MySQL table radpostauth

Added by Konstantin Ab 4 months ago. Updated about 1 month ago.

Status: Resolved
Priority: Normal
Category: FreeRADIUS
Target version:
Start date: 11/13/2016
Due date:
% Done: 100%
Affected version: 2.3.2
Affected Architecture: amd64

Description

Only "Access-Accept" events are recorded in the table (radpostauth).
"Access-Reject" events are needed in the table (radpostauth).

Writing "Access-Accept" events to syslog is OK:

Login OK: [4C11BF3AAECC/pkz] (from client PKZ.DES320018.Kombikorm port 0 cli 4C-11-BF-3C-AA-CC)

Writing "Access-Reject" events to syslog is OK:

Login incorrect: [001D5241BA5B/pkz] (from client PKZ.DES320018.Kombi port 0 cli 00-1D-52-41-BA-5B)

Package / FreeRADIUS / Settings:
"Log Password on Authentication Failure" selected "Log"

Package / FreeRADIUS / SQL
"Enable SQL Post-Auth" is Enable

A sniffer shows that there are no queries to the table "radpostauth".

History

#1 Updated by Konstantin Ab 4 months ago

To change it, this needs to be uncommented:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql

Post-Auth-Type REJECT {
    # log failed authentications in SQL, too.
    sql

#2 Updated by Kill Bill about 2 months ago

Does uncommenting this break things if SQL is disabled? The whole thing is a damn complex heap of code, not really keen to touch it beyond uncommenting the line.

#3 Updated by Konstantin Ab about 2 months ago

I tried disabling SQL. No problem.
I'm watching the security problems in this table.

#4 Updated by Kill Bill about 2 months ago

Can you please test this patch? https://github.com/pfsense/FreeBSD-ports/commit/cdf9b05e966f311b8ae83c7a3158479bd5c9e7bf.patch

- Apply via System Patches (Path Strip Count = 4) or manually
- Check "Enable SQL Post-Auth" in Package / FreeRADIUS / SQL, click Save and see if it works. The line should be uncommented and info logged.
- Uncheck "Enable SQL Post-Auth" in Package / FreeRADIUS / SQL, click Save and check again - the line should be commented and the info not logged any more.

Thanks.
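The check described in the test steps above, as an added example that is not part of the ticket or of the pfSense package. The function `reject_sql_state`, the helper `write_sample` and the sample config are constructed for illustration; only the file path and the `Post-Auth-Type REJECT` / `sql` lines come from the thread.

```shell
#!/bin/sh
# Added example. Reports the state of the sql module inside the
# Post-Auth-Type REJECT block of a FreeRADIUS site file:
#   enabled   - an uncommented "sql" line is in the block (exit 0)
#   commented - only "#sql" is in the block (exit 1)
#   missing   - no sql line in the block, or no such block (exit 1)
reject_sql_state() {
    awk '
        # Strip leading whitespace so indentation does not matter.
        { line = $0; sub(/^[ \t]+/, "", line) }
        # Enter the block on its (uncommented) opening line.
        depth == 0 && line ~ /^Post-Auth-Type[ \t]+REJECT[ \t]*[{]/ { depth = 1; next }
        depth > 0 {
            if (line ~ /^sql[ \t]*$/) active = 1
            if (line ~ /^#[ \t]*sql[ \t]*$/) commented = 1
            if (line !~ /^#/) {
                # Follow nested braces so we stop at the end of the block.
                depth += gsub(/[{]/, "{", line)
                depth -= gsub(/[}]/, "}", line)
            }
        }
        END {
            if (active)    { print "enabled";   exit 0 }
            if (commented) { print "commented"; exit 1 }
            print "missing"; exit 1
        }
    ' "$1"
}

# Constructed sample (not a real pfSense file): sql is active for the
# post-auth section itself but commented out for rejects, as in this bug.
write_sample() {
    cat > "$1" <<'EOF'
post-auth {
    sql
    Post-Auth-Type REJECT {
        # log failed authentications in SQL, too.
#       sql
        attr_filter.access_reject
    }
}
EOF
}

# Demo on the constructed sample: prints "commented".
demo=$(mktemp); write_sample "$demo"; reject_sql_state "$demo" || true; rm -f "$demo"
```

On the firewall, run `reject_sql_state /usr/local/etc/raddb/sites-enabled/default` after each Save; an active `sql` line elsewhere in `post-auth` does not count, which is why Access-Accept rows can appear while rejects do not.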

#5 Updated by Konstantin Ab about 2 months ago

Hmmm, it seems to work!
Records appear in the table.

#6 Updated by Kill Bill about 2 months ago

Konstantin Ab wrote:

Hmmm, it seems to work!
Records appear in the table.

Thanks for testing. Added to this monster commit: https://github.com/pfsense/FreeBSD-ports/pull/272

#7 Updated by Renato Botelho about 2 months ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.4.0
  • % Done changed from 0 to 100

#8 Updated by Kill Bill about 1 month ago

Merged and working, can be closed.

#9 Updated by Renato Botelho about 1 month ago

  • Status changed from Feedback to Resolved
