Then say hello to my little friend… raddebug!
Using raddebug allows you to add conditions to be debugged with unlang.
For example, I can do this:
# sbin/raddebug -d etc/raddb -t2800 -c '( Packet-Src-Ip-Address ==
192.168.239.141 )'
If the shared secret is incorrect you will get an error like the following:
Wed Aug 20 11:51:30 2014 : Debug: Received packet from 192.168.239.141 with
invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet
without response.
Shared secret errors are not logged. That is why I suspect it may be your
problem.
Read the friendly manpage for raddebug and unlang.
It is a very powerful technique for debugging connections without restarting
radius and still allows you to narrow down the search by client IP, device MAC
or any arbitrary condition which you can match using unlang.
One caveat: because of the way PF is configured you may have to switch to the
pf uid to be allowed to use raddebug:
# su - pf
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2014-08-20, at 11:25 , "Sallee, Jake" <[email protected]> wrote:
> Yeah, with about 50 auth requests a second, the debug output is a bit hard to
> manage.
>
> But I'll see what I can do.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
