Bug #6928
closed
freeRADIUS, logging with "Access-Reject" does not work in mysql table radpostauth
100%
Description
Only "Access-Accept" events are recorded in the table (radpostauth).
"Access-Reject" events are needed in the table (radpostauth).
Writing "Access-Accept" events to syslog is OK:
Login OK: [4C11BF3AAECC/pkz] (from client PKZ.DES320018.Kombikorm port 0 cli 4C-11-BF-3C-AA-CC)
Writing "Access-Reject" events to syslog is OK:
Login incorrect: [001D5241BA5B/pkz] (from client PKZ.DES320018.Kombi port 0 cli 00-1D-52-41-BA-5B)
Package / FreeRADIUS / Settings:
"Log Password on Authentication Failure" selected "Log"
Package / FreeRADIUS / SQL
"Enable SQL Post-Auth" is enabled
A sniffer shows that there are no queries to the table "radpostauth".
Updated by Konstantin Ab about 8 years ago
To change it, this needs to be uncommented:
/usr/local/etc/raddb/sites-enabled/default
section post-auth
variable sql
Post-Auth-Type REJECT {
    # log failed authentications in SQL, too.
    sql
Updated by Kill Bill almost 8 years ago
Does uncommenting this break things if SQL is disabled? The whole thing is a damn complex heap of code, not really keen to touch it beyond uncommenting the line.
Updated by Konstantin Ab almost 8 years ago
I tried disabling SQL. No problem.
I'm watching the security problems in this table.
Updated by Kill Bill almost 8 years ago
Can you please test this patch? https://github.com/pfsense/FreeBSD-ports/commit/cdf9b05e966f311b8ae83c7a3158479bd5c9e7bf.patch
- Apply via System Patches (Path Strip Count = 4) or manually
- Check "Enable SQL Post-Auth" in Package / FreeRADIUS / SQL, click Save and see if it works. The line should be uncommented and info logged.
- Uncheck "Enable SQL Post-Auth" in Package / FreeRADIUS / SQL, click Save and check again - the line should be commented and the info not logged any more.
Thanks.
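The check in the two test steps above (is the `sql` line inside `Post-Auth-Type REJECT` active or commented out after saving?) can be scripted. This is an added example, not code from the ticket or the pfSense package; the function name `reject_logs_to_sql` is hypothetical and the sample configuration is constructed from the fragment quoted earlier in this ticket.

```python
import sys

# Constructed sample modelled on the fragment quoted in this ticket; not the real file.
SAMPLE_DISABLED = """\
post-auth {
    exec
    Post-Auth-Type REJECT {
        # log failed authentications in SQL, too.
        #sql
        attr_filter.access_reject
    }
}
"""
SAMPLE_ENABLED = SAMPLE_DISABLED.replace("#sql", "sql")


def reject_logs_to_sql(config_text):
    """Return True if an uncommented `sql` line sits directly inside
    post-auth { Post-Auth-Type REJECT { ... } }."""
    stack = []  # names of the sections that are currently open
    for raw in config_text.splitlines():
        # Drop comments. Naive: assumes no '#' inside quoted strings on the
        # lines that matter here (section headers and the bare `sql` line).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            # Section header, e.g. "post-auth {" or "Post-Auth-Type REJECT {"
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":
            if stack:
                stack.pop()
        elif line == "sql" and stack[-2:] == ["post-auth", "Post-Auth-Type REJECT"]:
            return True
    return False


if __name__ == "__main__":
    # Pass the path of the virtual server file, e.g. the sites-enabled/default
    # file named in this ticket; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENABLED
    print("Access-Reject logged to SQL:", reject_logs_to_sql(text))
```

An active `sql` line elsewhere in `post-auth` does not count; only the one inside the REJECT block causes rejected logins to be written to radpostauth.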
Updated by Konstantin Ab almost 8 years ago
Hmmm, it seems to work!
Records appear in the table.
Updated by Kill Bill almost 8 years ago
Konstantin Ab wrote:
Hmmm, it seems to work!
Records appear in the table.
Thanks for testing. Added to this monster commit: https://github.com/pfsense/FreeBSD-ports/pull/272
Updated by Renato Botelho almost 8 years ago
- Status changed from New to Feedback
- Assignee set to Renato Botelho
- Target version set to 2.4.0
- % Done changed from 0 to 100
Updated by Renato Botelho almost 8 years ago
- Status changed from Feedback to Resolved