Re: Invalid User in RADIUS Logs
Hi, Thanks! Is there a way that I can set log level in RADIUS to make it log like when in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in RADIUS. I have already confirmed that for this case it is not the password. So now, I'm left to look into other causes. thanks a lot! det From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, December 13, 2011 11:32 PM Subject: Re: Invalid User in RADIUS Logs det.explo...@yahoo.com wrote: Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid User in RADIUS Logs
On Wed, Dec 14, 2011 at 3:58 PM, Det Det det.explo...@yahoo.com wrote: Hi, Thanks! Is there a way that I can set log level in RADIUS to make it log like when in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in RADIUS. I have already confirmed that for this case it is not the password. So now, I'm left to look into other causes. Yes, there is a way. Take a look at the comments logging section in your radiusd.conf - https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/radiusd.conf.in#L410 thanks a lot! det From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, December 13, 2011 11:32 PM Subject: Re: Invalid User in RADIUS Logs det.explo...@yahoo.com wrote: Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nic Cope Simian Reliability Engineer Google Australia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid User in RADIUS Logs
On Thu, Dec 15, 2011 at 6:58 AM, Det Det det.explo...@yahoo.com wrote:
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when
in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log
in RADIUS. I have already confirmed that for this case it is not the
password. So now, I'm left to look into other causes.
One was is to just run in it debug mode. Another way is to tun it with
one or more -x (see man radiusd).
Yet another way, from radiusd.conf:
# Logging can be enabled for an individual request by a special
# dynamic expansion macro: %{debug: 1}, where the debug level
# for this request is set to '1' (or 2, 3, etc.). e.g.
#
# ...
# update control {
# Tmp-String-0 = %{debug:1}
# }
# ...
#
# The attribute that the value is assigned to is unimportant,
# and should be a throw-away attribute with no side effects.
you can choose which request to debug using unlang. For example
(untested), on authorize block:
if (%{User-Name} == The-User-You-Want-to-Debug) {
update control {
Tmp-String-0 = %{debug:3}
}
}
... and finally, you can also use radmin. See
http://freeradius.org/radiusd/man/radmin.html, look for debug
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid User in RADIUS Logs
Hi, Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also? Thanks, Det - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Invalid User in RADIUS Logs
det.explo...@yahoo.com wrote: Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question on Radius logs
Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
--On Tuesday, February 01, 2011 08:41:54 -0800 Brett Littrell blittr...@musd.org wrote: Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Hi James, That looks perfect for the tech logs, thanks. The debugging side was a little different, I was thinking about inputting text strings in the middle of unlang scripts. Usually when I write say a C program I will pop in a lot of printf's with variables so I know what a variable is in a program, well use to anyway debuggers make that to easy now to waste time on it. For freeradius I was not sure if there was similar functionality. I am guessing there is not, I was kind of thinking it may be a stretch to add something like that in a config file. Thanks for the linelog module, that will really help a lot!!. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Tuesday, February 01, 2011 at 9:02 AM, in message 57DE4B8C2C2D9555B06A9046@valium, James J J Hooper jjj.hoo...@bristol.ac.uk wrote: --On Tuesday, February 01, 2011 08:41:54 -0800 Brett Littrell blittr...@musd.org wrote: Hi All, Real quick and I am sure easy question here. I read through the unlang man page, really helped in getting a clue. One thing I was wondering though, is there a way to output text to the log based on a condition? What I mean is something like if x!=y then printf( x did not equal y). This would be for debugging and log review. Currently we use Cisco ACS, which with all it's limitations the one thing that is great about it is it's pass/fail logs. Our techs use them all the time to diagnose problems. If I could inject text strings into the logs when certain issues occur it would make it a lot easier to figure out scripts as well as make common issues easier for techs to troubleshoot. From what I can tell in the unlang man page it did not mention this, perhaps I missed it though. Hi Brett, It sounds like the linelog module may do what you need, in conjunction with unlang for the conditionals: https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/modules/linelog Regards, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bristol.ac.uk -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Hi, as James says...unlang with linelog module.. if you want to do more, then thats easy too - just use PERL module and use unlang with a call to a logging PERL module - the world is your oyster at that stage regarding what you can do - with your printf's etc :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Thanks Alan, Did not think about calling the perl module, that should work very well... thanks Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Tuesday, February 01, 2011 at 10:15 AM, in message 20110201181525.ga9...@lboro.ac.uk, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, as James says...unlang with linelog module.. if you want to do more, then thats easy too - just use PERL module and use unlang with a call to a logging PERL module - the world is your oyster at that stage regarding what you can do - with your printf's etc :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
The debugging side was a little different, I was thinking about inputting
text strings in the middle of unlang scripts
If you run radiusd -X you will see the output of expansions, so you can do
if (DEBUG: I am looking at %{foo} and %{bar}) {
}
and you'll see the text in the log. Experimentation suggests that the
closing brace can't be on the same line as the opening brace though.
Actually, there is a %{debug:} expansion, but it just sets the debug level
to the (integer) argument, and doesn't actually send a debug message.
Setting the Reply-Message attribute can be useful for debugging too.
HTH,
Brian.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Radius logs
Brett Littrell wrote: For freeradius I was not sure if there was similar functionality. I am guessing there is not, I was kind of thinking it may be a stretch to add something like that in a config file. See radmin, and raddebug. They can print full debugging logs for a particular user, while the server is running in daemon mode. *Much* more useful than printf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Logs in database (It was Re: rlm_ldap logs)
2009/8/28 Sergio Belkin seb...@gmail.com: Hi I am using Version 2.1.1 with openldap on Centos 5 I wonder if is feasible dumping to logs when user gets login incorrect if due to non-existance of that uid on Ldap. Thanks in advance! -- -- Shame on me! That's is something that already logs do: Fri Aug 28 18:48:08 2009 : Auth: Login incorrect (rlm_ldap: User not found): [zz...@zz.zzz] (from client port 0 via TLS tunnel) Thanks y Sorry Even so I'd like to find a way to store radius logs on a database. Does exist such a tool? I need to perform some queries on them, for example, what users that had an incorrect login (eg bad password or certificate) after some time they could get an OK. Perhaps, some of you have an idea about how can I do that. Thanks in advance -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Logs
Hi there Freeradius 1.1.2, Fedora Core 4, MySQL 4.1.16 I use the RADIUS logs to calculate usage for a client. What I want to do is separate the internal FTP traffic (which is classified as free traffic) from the rest of the traffic so that I can charge the client accordingly. Any Help would be appreciated, I am fairly new to this. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Logs
Grant Wright [EMAIL PROTECTED] wrote: I use the RADIUS logs to calculate usage for a client. What I want to do is separate the internal FTP traffic (which is classified as free traffic) from the rest of the traffic so that I can charge the client accordingly. Unless the NAS sends information saying what is FTP and what isn't, this is impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
