Re: Log auth message
On 21 Jun 2013, at 10:03, a.l.m.bu...@lboro.ac.uk wrote: > Hi, > >> I`m not able to debug, what does macro RAUTH do :(. Coudl you please help >> me, thx. > > ah. just noticed this is actually with 3.x - yes, the older releases logged > but current > version doesnt. I'll have to help you out with this as I need logging on that > platform :-) OP was right in that the logging function isn't set and that that's the issue. radlog_request was originally only used for debugging, and then we expanded it to all log message types. It's nicer because it looks at the request structure to figure out things like the current module, and prefixes the log message appropriately. Anyway. ndex 74c2d33..cb11ae3 100644 --- a/src/main/util.c +++ b/src/main/util.c @@ -462,7 +462,7 @@ REQUEST *request_alloc(void) request->module = ""; request->component = ""; - if (debug_flag) request->radlog = radlog_request; + request->radlog = radlog_request; return request; } Should fix it. Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
Hi, > I`m not able to debug, what does macro RAUTH do :(. Coudl you please help me, > thx. ah. just noticed this is actually with 3.x - yes, the older releases logged but current version doesnt. I'll have to help you out with this as I need logging on that platform :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Maybe i found, where is problem ?
radiusd@tdrad1test:/storage/app/radius/raddb/auth$ gdb
/storage/app/radius/freeradius-3.0.0/sbin/radiusd
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /storage/app/radius/freeradius-3.0.0/sbin/radiusd...done.
(gdb) b src/main/auth.c:153
Breakpoint 1 at 0x40d79e: file src/main/auth.c, line 153.
(gdb) run -f -t -d /storage/app/radius/raddb/auth
Starting program: /storage/app/radius/freeradius-3.0.0/sbin/radiusd -f -t -d
/storage/app/radius/raddb/auth
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
/storage/app/radius/
/storage/log/radius/radius/auth/
Info: Cache file /storage/log/radius/radius/auth/../cache/ldap_cache.db too
old, ignoring
Starting with empty cache
Breakpoint 1, rad_authlog (msg=0x44756d "Login OK", request=0x12c1460,
goodpass=1) at src/main/auth.c:153
153 RAUTH("%s: [%s%s%s] (%s)%s",
(gdb) info macro RAUTH
Defined at /home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/log.h:150
included at
/home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/radiusd.h:39
included at src/main/auth.c:26
#define RAUTH(fmt, ...) _RL(L_AUTH, L_DBG_LVL_OFF, fmt, ## __VA_ARGS__)
(gdb) info macro -a RAUTH
Defined at /home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/log.h:150
included at
/home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/radiusd.h:39
included at src/main/auth.c:26
#define RAUTH(fmt, ...) _RL(L_AUTH, L_DBG_LVL_OFF, fmt, ## __VA_ARGS__)
(gdb) info macro -all RAUTH
Defined at /home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/log.h:150
included at
/home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/radiusd.h:39
included at src/main/auth.c:26
#define RAUTH(fmt, ...) _RL(L_AUTH, L_DBG_LVL_OFF, fmt, ## __VA_ARGS__)
(gdb) info macro _RL
Defined at /home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/log.h:142
included at
/home/radiusd/freeradius-server-3.0.0/src/freeradius-devel/radiusd.h:39
included at src/main/auth.c:26
#define _RL(_l, _p, _f, ...) if (request && request->radlog)
request->radlog(_l, _p, request, _f, ## __VA_ARGS__)
(gdb) disp request
1: request = (REQUEST *) 0x12c1460
(gdb) disp request->radlog
2: request->radlog = (radlog_func_t) 0
Variable request->radlog is not defined. Am i right ?
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of Arran Cudbard-Bell
Sent: Thursday, June 20, 2013 6:42 PM
To: FreeRadius users mailing list
Subject: Re: Log auth message
On 20 Jun 2013, at 14:32, "BALSIANOK, Peter" wrote:
> Answer is simple, i don`t know how :) ( i don`t have propert skills )
http://beej.us/guide/bggdb/
-Arran
Arran Cudbard-Bell FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
> > Answer is simple, i don`t know how :) ( i don`t have propert skills ) > > http://beej.us/guide/bggdb/ Thanks for that Arran, It'll come in handy for Moonshot testing here. :-) Stefan -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Thank you for the link Arran
I have tried to figure out, where is the problem
I`m not able to debug, what does macro RAUTH do :(. Coudl you please help me,
thx.
radiusd@tdrad1test:/storage/app/radius/raddb/auth$ gdb
/storage/app/radius/freeradius-3.0.0/sbin/radiusd
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /storage/app/radius/freeradius-3.0.0/sbin/radiusd...done.
(gdb) run -f -t -d /storage/app/radius/raddb/auth
Starting program: /storage/app/radius/freeradius-3.0.0/sbin/radiusd -f -t -d
/storage/app/radius/raddb/auth
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
/storage/app/radius/
/storage/log/radius/radius/auth/
Info: Cache file /storage/log/radius/radius/auth/../cache/ldap_cache.db too
old, ignoring
Starting with empty cache
^C
Program received signal SIGINT, Interrupt.
0x75faa553 in select () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) b src/main/auth.c:153
Breakpoint 1 at 0x40d79e: file src/main/auth.c, line 153.
(gdb) continue
Continuing.
Breakpoint 1, rad_authlog (msg=0x44756d "Login OK", request=0x12c1460,
goodpass=1) at src/main/auth.c:153
153 RAUTH("%s: [%s%s%s] (%s)%s",
(gdb) step
161 return 0;
(gdb)
162 }
(gdb)
rad_authenticate (request=0x12c1460) at src/main/auth.c:655
655 return result;
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of Arran Cudbard-Bell
Sent: Thursday, June 20, 2013 6:42 PM
To: FreeRadius users mailing list
Subject: Re: Log auth message
On 20 Jun 2013, at 14:32, "BALSIANOK, Peter" wrote:
> Answer is simple, i don`t know how :) ( i don`t have propert skills )
http://beej.us/guide/bggdb/
-Arran
Arran Cudbard-Bell FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
On 20 Jun 2013, at 14:32, "BALSIANOK, Peter" wrote: > Answer is simple, i don`t know how :) ( i don`t have propert skills ) http://beej.us/guide/bggdb/ -Arran Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Answer is simple, i don`t know how :) ( i don`t have propert skills )
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of Arran Cudbard-Bell
Sent: Thursday, June 20, 2013 3:01 PM
To: FreeRadius users mailing list
Subject: Re: Log auth message
On 20 Jun 2013, at 13:24, "BALSIANOK, Peter" wrote:
> Hi,
>
> I have added test code into radius sourec code:
>
> radiusd@tdrad1test:~/freeradius-server-3.0.0$ diff -uN src/main/auth.c.orig
> src/main/auth.c
> --- src/main/auth.c.orig 2013-06-20 14:21:41.610790604 +0200
> +++ src/main/auth.c 2013-06-20 14:20:38.974815618 +0200
> @@ -146,6 +146,10 @@
> }
>
>
> + radlog( L_AUTH, " Show this row %s %s",
> + clean_username,
> + auth_name(buf, sizeof(buf), request, 1)
> + );
> RAUTH("%s: [%s%s%s] (%s)%s",
> msg,
> clean_username,
>
> After compilation, i sent test request.
>
> Log output:
> Thu Jun 20 14:20:46 2013 : Info: Loaded virtual server Thu
> Jun 20 14:20:46 2013 : Info: Loaded virtual server default Thu Jun 20
> 14:20:46 2013 : Info: Ready to process requests.
> Thu Jun 20 14:20:55 2013 : Auth: Show this row g...@test.sk from
> client localhost port 0 cli 42199522
>
> IMHO, I think the problem is in the RAUTH macro.
No, the RAUTH macro is fine. Why don't you run it under GDB and figure out
what's happening?
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
On 20 Jun 2013, at 13:24, "BALSIANOK, Peter" wrote:
> Hi,
>
> I have added test code into radius sourec code:
>
> radiusd@tdrad1test:~/freeradius-server-3.0.0$ diff -uN src/main/auth.c.orig
> src/main/auth.c
> --- src/main/auth.c.orig 2013-06-20 14:21:41.610790604 +0200
> +++ src/main/auth.c 2013-06-20 14:20:38.974815618 +0200
> @@ -146,6 +146,10 @@
> }
>
>
> + radlog( L_AUTH, " Show this row %s %s",
> + clean_username,
> + auth_name(buf, sizeof(buf), request, 1)
> + );
> RAUTH("%s: [%s%s%s] (%s)%s",
> msg,
> clean_username,
>
> After compilation, i sent test request.
>
> Log output:
> Thu Jun 20 14:20:46 2013 : Info: Loaded virtual server
> Thu Jun 20 14:20:46 2013 : Info: Loaded virtual server default
> Thu Jun 20 14:20:46 2013 : Info: Ready to process requests.
> Thu Jun 20 14:20:55 2013 : Auth: Show this row g...@test.sk from client
> localhost port 0 cli 42199522
>
> IMHO, I think the problem is in the RAUTH macro.
No, the RAUTH macro is fine. Why don't you run it under GDB and figure out
what's happening?
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Hi,
I have added test code into radius sourec code:
radiusd@tdrad1test:~/freeradius-server-3.0.0$ diff -uN src/main/auth.c.orig
src/main/auth.c
--- src/main/auth.c.orig2013-06-20 14:21:41.610790604 +0200
+++ src/main/auth.c 2013-06-20 14:20:38.974815618 +0200
@@ -146,6 +146,10 @@
}
+ radlog( L_AUTH, " Show this row %s %s",
+ clean_username,
+ auth_name(buf, sizeof(buf), request, 1)
+ );
RAUTH("%s: [%s%s%s] (%s)%s",
msg,
clean_username,
After compilation, i sent test request.
Log output:
Thu Jun 20 14:20:46 2013 : Info: Loaded virtual server
Thu Jun 20 14:20:46 2013 : Info: Loaded virtual server default
Thu Jun 20 14:20:46 2013 : Info: Ready to process requests.
Thu Jun 20 14:20:55 2013 : Auth: Show this row g...@test.sk from client
localhost port 0 cli 42199522
IMHO, I think the problem is in the RAUTH macro.
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: Wednesday, June 19, 2013 1:56 PM
To: FreeRadius users mailing list
Subject: Re: Log auth message
Hi,
have you run in 'radiusd -X' mode yet at all?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
Hi, have you run in 'radiusd -X' mode yet at all? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Hi, Hmm, sorry but if i am logged in as none root user ( for example as radiusd user ). Its not important if i will run [path]/sbin/radiusd -d [config file] or [path]/sbin/radiusd -x -d [config file] from command line ( both service will be run under radiusd environment, not root ). -Original Message- From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org [mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk Sent: Wednesday, June 19, 2013 12:30 PM To: FreeRadius users mailing list Subject: Re: Log auth message Hi, > Hi, > > I never run radiusd as root user ( for both cases ). yes you do - when you are running in '-x' mode > The user/group is able to write, because i see general log message > > Wed Jun 19 08:18:49 2013 : Info: Loaded virtual server Wed > Jun 19 08:18:49 2013 : Info: Loaded virtual server default Wed Jun 19 > 08:18:49 2013 : Info: Ready to process requests. IIRC that stuff is done before the server drops down to lower priv check your permissions, check your audit logs (if running SELinux). standard installs do not have this issue. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
Hi, > Hi, > > I never run radiusd as root user ( for both cases ). yes you do - when you are running in '-x' mode > The user/group is able to write, because i see general log message > > Wed Jun 19 08:18:49 2013 : Info: Loaded virtual server > Wed Jun 19 08:18:49 2013 : Info: Loaded virtual server default > Wed Jun 19 08:18:49 2013 : Info: Ready to process requests. IIRC that stuff is done before the server drops down to lower priv check your permissions, check your audit logs (if running SELinux). standard installs do not have this issue. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Hi, I never run radiusd as root user ( for both cases ). The user/group is able to write, because i see general log message Wed Jun 19 08:18:49 2013 : Info: Loaded virtual server Wed Jun 19 08:18:49 2013 : Info: Loaded virtual server default Wed Jun 19 08:18:49 2013 : Info: Ready to process requests. I didnt see log message about authentification ( correct / incorrect login ) for case, when i run [path]/sbin/radiusd -d [configuration file]. -Original Message- From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org [mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk Sent: Wednesday, June 19, 2013 10:25 AM To: FreeRadius users mailing list Subject: Re: Log auth message Hi, > When i use parameter -x, everythink works correct ( i see auth log message ): that'll be because with -x or -X the service runs as root. without those arguments it will run as th user configured in the radiusd.conf - please ensure that user/group is able to write into that location alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
Hi, > When i use parameter -x, everythink works correct ( i see auth log message ): that'll be because with -x or -X the service runs as root. without those arguments it will run as th user configured in the radiusd.conf - please ensure that user/group is able to write into that location alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Microsoft Outlook has changed first letter :(
log {
destination = files
file = /app_log/radius/radius.log
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
When i use parameter -x, everythink works correct ( i see auth log message ):
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
radiusd: Opening IP addresses and Ports
Listening on proxy address * port 0
Listening on auth address * port 1812 as server default
Listening on auth address * port 1645 as server default
Ready to process requests.
Waking up in 0.3 seconds.
(0) # Executing section authorize from file
/storage/app/radius/raddb/auth/sites-enabled/default
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair Acct-Session-Id = d597d9250ac7aeba
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 42199522
rlm_perl: Added pair Called-Station-Id = GRETEST01BB2.VPS
rlm_perl: Added pair Framed-Protocol = GPRS-PDP-Context
rlm_perl: Added pair User-Name = g...@test.sk
rlm_perl: Added pair NAS-Identifier = ggsn-01-bb2.orange.sk
rlm_perl: Added pair User-Password = tojejedno
rlm_perl: Added pair Acct-Multi-Session-Id = d597d92505600f87
rlm_perl: Added pair Realm = DEFAULT
rlm_perl: Added pair Stripped-User-Name = gre
rlm_perl: Added pair NAS-IP-Address = 213.151.211.225
rlm_perl: Added pair Current-Time = 1371622553
rlm_perl: Added pair Password-With-Header =
{SSHA}TypEiJb0E3IVkhcPcO5Eybq/SYYPcrk+Ix1kTg==
rlm_perl: Added pair VPDN_SERVICE_ID = User-GPRS-GRE
(0) # Executing group from file
/storage/app/radius/raddb/auth/sites-enabled/default
(0) pap : login attempt with password "tojejedno"
(0) pap : Using SSHA encryption.
(0) pap : User authenticated successfully
(0) Login OK: [g...@test.sk/tojejedno] (from client localhost port 0 cli
42199522)
(0) # Executing section post-auth from file
/storage/app/radius/raddb/auth/sites-enabled/default
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair Acct-Session-Id = d597d9250ac7aeba
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Called-Station-Id = GRETEST01BB2.VPS
rlm_perl: Added pair Calling-Station-Id = 42199522
rlm_perl: Added pair Framed-Protocol = GPRS-PDP-Context
rlm_perl: Added pair User-Name = g...@test.sk
rlm_perl: Added pair User-Password = tojejedno
rlm_perl: Added pair NAS-Identifier = ggsn-01-bb2.orange.sk
rlm_perl: Added pair Acct-Multi-Session-Id = d597d92505600f87
rlm_perl: Added pair Realm = DEFAULT
rlm_perl: Added pair NAS-IP-Address = 213.151.211.225
rlm_perl: Added pair Stripped-User-Name = gre
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.10.10.1
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair SSHA1-Password =
0x4f2a448896f413721592170f70ee44c9babf49860f72b93e231d644e
rlm_perl: Added pair Current-Time = 1371622553
rlm_perl: Added pair Password-With-Header =
{SSHA}TypEiJb0E3IVkhcPcO5Eybq/SYYPcrk+Ix1kTg==
rlm_perl: Added pair Auth-Type = PAP
rlm_perl: Added pair VPDN_SERVICE_ID = User-GPRS-GRE
Waking up in 1.7 seconds.
Ready to process requests.
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Wednesday, June 19, 2013 3:11 AM
To: FreeRadius users mailing list
Subject: Re: Log auth message
BALSIANOK, Peter wrote:
> Configuration ( for logging in radiusd.conf ):
> Log {
Log? Or log ? It is case sensitive.
> destination = files
> file = /app_log/radius/radius.log
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> }
>
> Difference between cases are runtime parameters:
> 1. /storage/app/radius/freeradius-3.0.0/sbin/radiusd -d
> /storage/app/radius/raddb/auth 2.
> /storage/app/radius/freeradius-3.0.0/sbin/radiusd -x -d
> /storage/app/radius/raddb/auth
...
> I will not see any auth log message in the main radius log file
> /app_log/radius/radius.log ( somethink like ):
> Tue Jun 18 08:12:55 2013 : Auth: Login OK: [g...@test.sk/tojejedno]
> (from client IPSECgtw-01-BB1 port 997 cli 42199522)
The messages should be there.
Run it in debugging mode to see if the "auth*" configuration items are parsed
correctly.
It should also print the "Login OK" messages in debugging mode, too.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
BALSIANOK, Peter wrote:
> Configuration ( for logging in radiusd.conf ):
> Log {
Log? Or log ? It is case sensitive.
> destination = files
> file = /app_log/radius/radius.log
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> }
>
> Difference between cases are runtime parameters:
> 1. /storage/app/radius/freeradius-3.0.0/sbin/radiusd -d
> /storage/app/radius/raddb/auth
> 2. /storage/app/radius/freeradius-3.0.0/sbin/radiusd -x -d
> /storage/app/radius/raddb/auth
...
> I will not see any auth log message in the main radius log file
> /app_log/radius/radius.log ( somethink like ):
> Tue Jun 18 08:12:55 2013 : Auth: Login OK: [g...@test.sk/tojejedno] (from
> client IPSECgtw-01-BB1 port 997 cli 42199522)
The messages should be there.
Run it in debugging mode to see if the "auth*" configuration items are
parsed correctly.
It should also print the "Login OK" messages in debugging mode, too.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Log auth message
Alan,
My mistake. I didnt give you exact information.
I used test request ( in both cases ):
NAS-Identifier = "ggsn-01-bb2.orange.sk"
User-Name = "g...@test.sk"
User-Password = "tojejedno"
NAS-IP-Address = 213.151.211.225
NAS-Port-Type = Virtual
Called-Station-Id = "GRETEST01BB2.VPS"
Calling-Station-Id = "42199522"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
Acct-Session-Id = "d597d9250ac7aeba"
Acct-Multi-Session-Id = "d597d92505600f87"
For testing i used this freeradius version:
radiusd: FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on
May 16 2013 at 19:51:06
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
...
Configuration ( for logging in radiusd.conf ):
Log {
destination = files
file = /app_log/radius/radius.log
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
Difference between cases are runtime parameters:
1. /storage/app/radius/freeradius-3.0.0/sbin/radiusd -d
/storage/app/radius/raddb/auth
2. /storage/app/radius/freeradius-3.0.0/sbin/radiusd -x -d
/storage/app/radius/raddb/auth
In case 1. :
When i sent test request
radiusd@tdrad1test:/storage/app/radius/test$ ./run-auth.sh gre/auth1.req 1
Sending Access-Request of id 87 to 127.0.0.1 port 1812
NAS-Identifier = "ggsn-01-bb2.orange.sk"
User-Name = "g...@test.sk"
User-Password = "tojejedno"
NAS-IP-Address = 213.151.211.225
NAS-Port-Type = Virtual
Called-Station-Id = "GRETEST01BB2.VPS"
Calling-Station-Id = "42199522"
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
Acct-Session-Id = "d597d9250ac7aeba"
Acct-Multi-Session-Id = "d597d92505600f87"
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=87, length=44
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-IP-Address = 10.10.10.1
Framed-IP-Netmask = 255.255.255.255
Total approved auths: 1
Total denied auths: 0
Total lost auths: 0
Test result: [ OK ]
I will not see any auth log message in the main radius log file
/app_log/radius/radius.log ( somethink like ):
Tue Jun 18 08:12:55 2013 : Auth: Login OK: [g...@test.sk/tojejedno] (from
client IPSECgtw-01-BB1 port 997 cli 42199522)
In case 2. Is no problem of course.
Thx.
-Original Message-
From: freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org
[mailto:freeradius-users-bounces+peter.balsianok=orange...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Monday, June 17, 2013 4:37 PM
To: FreeRadius users mailing list
Subject: Re: Log auth message
BALSIANOK, Peter wrote:
> Is it OK, when i don`t see any log message for authetification process
> ( when i run radiusd only with parameter –d ) ?
Yes.
> Log output:
>
> Mon Jun 17 14:01:55 2013 : Info: Loaded virtual server Mon
> Jun 17 14:01:55 2013 : Info: Loaded virtual server default Mon Jun 17
> 14:01:55 2013 : Info: Ready to process requests.
>
> No log messages for authentification process
You do realize that the server logs packets it receives, right?
And if it receives no packets, it doesn't log anything?
> When i add parameter –x ( in command line ), i will see log
> message(s) marked ###
Running it as "radiusd -X" is only suggested in the FAQ, "man" page, web
pages, and daily on this list. But why would you do that?
Follow the documentation. it's not hard.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log auth message
BALSIANOK, Peter wrote: > Is it OK, when i don`t see any log message for authetification process ( > when i run radiusd only with parameter –d ) ? Yes. > Log output: > > Mon Jun 17 14:01:55 2013 : Info: Loaded virtual server > Mon Jun 17 14:01:55 2013 : Info: Loaded virtual server default > Mon Jun 17 14:01:55 2013 : Info: Ready to process requests. > > No log messages for authentification process You do realize that the server logs packets it receives, right? And if it receives no packets, it doesn't log anything? > When i add parameter –x ( in command line ), i will see log message(s) > marked ### Running it as "radiusd -X" is only suggested in the FAQ, "man" page, web pages, and daily on this list. But why would you do that? Follow the documentation. it's not hard. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Log auth message
Hi,
radiusd: FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on
May 16 2013 at 19:51:06
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
Is it OK, when i don`t see any log message for authetification process ( when i
run radiusd only with parameter -d ) ?
Radiusd.conf:
...
Log {
...
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
Log output:
Mon Jun 17 14:01:55 2013 : Info: Loaded virtual server
Mon Jun 17 14:01:55 2013 : Info: Loaded virtual server default
Mon Jun 17 14:01:55 2013 : Info: Ready to process requests.
No log messages for authentification process
When i add parameter -x ( in command line ), i will see log message(s) marked
###
Log output:
Mon Jun 17 13:57:28 2013 : Info: Loaded virtual server
Mon Jun 17 13:57:28 2013 : Info: Loaded virtual server default
Mon Jun 17 13:57:28 2013 : Info: Ready to process requests.
Mon Jun 17 14:01:14 2013 : Info: Signalled to terminate
Mon Jun 17 14:01:14 2013 : Info: Exiting normally.
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
WARNING: Ignoring "sql" (see raddb/mods-available/README.rst)
radiusd: Opening IP addresses and Ports
Listening on proxy address * port 0
Listening on auth address * port 1812 as server default
Listening on auth address * port 1645 as server default
Ready to process requests.
Waking up in 0.3 seconds.
(0) # Executing section authorize from file
/storage/app/radius/raddb/auth/sites-enabled/default
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair Acct-Session-Id = d597d9250ac7aeba
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 42199522
rlm_perl: Added pair Called-Station-Id = GRETEST01BB2.VPS
rlm_perl: Added pair Framed-Protocol = GPRS-PDP-Context
rlm_perl: Added pair User-Name = 421995222...@gretest01bb2.vps
rlm_perl: Added pair NAS-Identifier = ggsn-01-bb2.orange.sk
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Acct-Multi-Session-Id = d597d92505600f87
rlm_perl: Added pair Realm = DEFAULT
rlm_perl: Added pair Stripped-User-Name = test
rlm_perl: Added pair NAS-IP-Address = 213.155.110.101
rlm_perl: Added pair Current-Time = 1371470484
### (0) Invalid user: [421905012...@gretest01bb2.vps/test] (from client
localhost port 0 cli 42199522)
(0) # Executing group from file
/storage/app/radius/raddb/auth/sites-enabled/default
Waking up in 0.7 seconds.
Waking up in 1.9 seconds.
Ready to process requests.
Thank you very much.
Peter Balšianok
Data Service Operation Coordinator,
Voice & Data Services Operations
Orange Slovensko, a. s.
Metodova 8, 821 08 Bratislava
tel: +421 908 00 2405
mobil: +421 905 012 405
e-mail: peter.balsia...@orange.sk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
