diff --git a/src/auth.rs b/src/auth.rs
index 24d1240..1ade8dc 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -9,6 +9,7 @@ use async_trait::async_trait;
 use base64::Engine;
 use hmac::{Hmac, Mac};
 use sha1::Sha1;
+use tracing::warn;
 use std::net::SocketAddr;
 use std::sync::Arc;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
@@ -134,6 +135,7 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
         };
 
         if realm != self.settings.realm {
+            warn!("auth reject: realm mismatch client_realm={} expected={} peer={}", realm, self.settings.realm, peer);
             return AuthStatus::Reject {
                 code: 400,
                 reason: "Realm Mismatch",
@@ -168,6 +170,7 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
             None => match self.derive_turn_rest_password(&username) {
                 Some(p) => p,
                 None => {
+                    warn!("auth reject: unknown user username={} realm={} peer={}", username, realm, peer);
                     return AuthStatus::Reject {
                         code: 401,
                         reason: "Unknown User",
@@ -178,6 +181,7 @@ impl<S: CredentialStore + Clone> AuthManager<S> {
 
         let key = self.derive_long_term_key(&username, &password);
         if !validate_message_integrity(msg, &key) {
+            warn!("auth reject: bad credentials username={} realm={} peer={}", username, realm, peer);
             return AuthStatus::Reject {
                 code: 401,
                 reason: "Bad Credentials",