radius.log

[Anson Rinesmith]

Can anyone tell me where the radius.log file is configured? I would
like to have a file for each realm.

radius.log

[Anson Rinesmith]

I’m getting this type of error for many different users, any idea
what this error means?

It’s always 16 *’s followed by some random characters.

 

Wed Feb 18 04:34:14 2004 : Auth: Login incorrect:
[ear/q] (from client radiusproxy port 2 cli ) );
Wed Feb 18 04:33:29 2004 : Auth: Login incorrect: [ear/\002]
(from client radiusproxy port 2 cli ) );
Wed Feb 18 04:31:49 2004 : Auth: Login incorrect: [ear/_] (from
client radiusproxy port 0 cli ) );
Wed Feb 18 04:30:07 2004 : Auth: Login incorrect: [ear/\317]
(from client radiusproxy port 0 cli ) );
Wed Feb 18 04:28:24 2004 : Auth: Login incorrect: [ear/\344]
(from client radiusproxy port 3 cli ) );

Wed Feb 18 04:19:02 2004 : Auth: Login incorrect: [iluvpear/+]
(from client radiusproxy port 0 cli) );
Wed Feb 18 04:17:19 2004 : Auth: Login incorrect: [iluvpear/\340]
(from client radiusproxy port 0 cli  );
Wed Feb 18 04:15:40 2004 : Auth: Login incorrect: [iluvpear/z]
(from client radiusproxy port 0 cli ) );
Wed Feb 18 03:04:10 2004 : Auth: Login incorrect: [billiem/\205]
(from client radiusproxy port 6 cli ) );
Wed Feb 18 03:03:20 2004 : Auth: Login incorrect: [billiem/)]
(from client radiusproxy port 6 cli ) );
Wed Feb 18 03:02:31 2004 : Auth: Login incorrect: [billiem/\355]
(from client radiusproxy port 6 cli ) );

 

Anson Rinesmith

Internet Operations Manager

Big River Telephone Company

800-455-1608 x106

573-382-0555

www.bigrivertelephone.com

 

Real People.  Real Service.  Real Simple.



 






<>

radius.log test?

[OzSpots - Carl Sawers]

Hi all,  I have suddenly started seeing this in the radius.log ( 2.2) 

 

Mon Jul 18 11:36:23 2011 : Auth: Login incorrect:
[TEST/<+\253\362\023\213\223-~\272\257]$\003\033\211] (from client
localhost port 0)

 

All seems well besides this. It started happening a day ago every 30
seconds. Anyone understand what this is?

 

Regards

 

Carl 

 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log rotation

[Shreya Shah]

Hi,

How can we rotate radius.log file ?

-Shreya.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Parsing radius.log

[Thor Spruyt]

Hi,

According to me, this is the start:

if ($line =~ /^([\w ]+) : (\w+): (.+)$/) {
$datetime = $1;
$type = $2;
$message = $3;
}

I agree that splitting up the $message part further is not easy.
Maybe the developers could agree on a more granular logformat.

Regards,
Thor.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log question

[Edgars]

Hello!
i can't find out why the following sentance is appearing in the line 
below - ...:

Auth: Login OK: [a/] (from client uz galda 
port 12534 cli 1.1.1.2)

Edgars
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log

[Alan DeKok]

"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> Can anyone tell me where the radius.log file is configured?

$ grep radius.log /etc/raddb/*

> I would like to have a file for each realm.

  That is not currently supported.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log

[Anson Rinesmith]

> "Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> > Can anyone tell me where the radius.log file is configured?
> 
> $ grep radius.log /etc/raddb/*
I know where the file is
> 
> > I would like to have a file for each realm.
> 
>   That is not currently supported.
Can you think of a way to pull certain information from the radius.log file?
I proxy to my realms based on "Called-Station-ID". Each ISP that would dial
into the NAS would like to see their own error log? Anyone tinkered with
this successfully, even mildly?
I would be willing to poke at the code and recompile if necessary, but that
is certainly not my forte.
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log

[Alan DeKok]

Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> Can you think of a way to pull certain information from the radius.log
> file?

  grep?

> I proxy to my realms based on "Called-Station-ID". Each ISP that would
> dial
> into the NAS would like to see their own error log? Anyone tinkered with
> this successfully, even mildly?

  Not so far.

> I would be willing to poke at the code and recompile if necessary, but
> that is certainly not my forte.

  It shouldn't be too hard to do.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log

[Anson Rinesmith]

Alan,

Would you be willing to work with me some off the mailing list?

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Monday, January 26, 2004 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radius.log
> 
> Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> > Can you think of a way to pull certain information from the radius.log
> > file?
> 
>   grep?
> 
> > I proxy to my realms based on "Called-Station-ID". Each ISP that would
> > dial
> > into the NAS would like to see their own error log? Anyone tinkered with
> > this successfully, even mildly?
> 
>   Not so far.
> 
> > I would be willing to poke at the code and recompile if necessary, but
> > that is certainly not my forte.
> 
>   It shouldn't be too hard to do.
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log

[Alan DeKok]

"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> Would you be willing to work with me some off the mailing list?

  Yup.  Mail me at privately.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log

[Guy Fraser]

This may be possible with webmin as well.

You could make a cutom command for each 'ISP' that would grep the log 
file for their "realm" and return matched sets of data.

I use something like this for my non technical staff to find customer 
info in the log file.

One of these days I will stat looking into fixing the way the log file 
is created so that the logfile can be dated, at that time I may see if 
it would be feasible to extend the functionality to allow seperate logs 
per "realm" and/or "DSN"{Dialed Station Number.}

I have been patiently waiting for my dialup admin/bin patches to be 
applied to CVS. I don't like to have to layer my patches onto the 
current CVS, while doing additional development. Since my Customized 
Cistron still works flawlessly, I am not under a lot of preasure to 
switch to FreeRadius, so as time permits I have been helping with the 
PostgreSQL features. The custom log file naming is one of the feature I 
will need before I can implement FreeRadius, so eventualy I will be 
looking at it, if someone else doesn't beat me to it.

I have been busy with other DB + PHP projects lately. One of the PHP 
functions I have written recently may be able to be enhaced to provide 
an html table of results parsed from the log file. I am interested to 
try it, when I get a chance.

Good Luck

Anson Rinesmith wrote:

Alan,

Would you be willing to work with me some off the mailing list?

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, January 26, 2004 1:17 PM
To: [EMAIL PROTECTED]
Subject: Re: radius.log
Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
   

Can you think of a way to pull certain information from the radius.log
file?
 

 grep?

   

I proxy to my realms based on "Called-Station-ID". Each ISP that would
dial
into the NAS would like to see their own error log? Anyone tinkered with
this successfully, even mildly?
 

 Not so far.

   

I would be willing to poke at the code and recompile if necessary, but
that is certainly not my forte.
 

 It shouldn't be too hard to do.

 Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
   



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log rotate?

[Anson Rinesmith]

Does the radius.log file rotate when it gets large?

If not, has anyone written a script to do this?

 

Thanks,

 

 

Anson

 

Re: radius.log test?

[Alan Buxey]

hi,

>All seems well besides this. It started happening a day ago every 30
>seconds. Anyone understand what this is?

check your changelog or revision control notes to see waht was done a day ago?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log test?

[OzSpots - Carl Sawers]

Thanks for that, rather odd, I ran radius -X  and found the location the
request was coming from, it was one of our pc's which must have been
running a test in the background, a reboot turned it off. cheers

Regards

Carl 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log rotation

[Fajar A. Nugraha]

On Thu, Mar 15, 2012 at 11:21 AM, Shreya Shah  wrote:
> Hi,
>
> How can we rotate radius.log file ?

Depends on how you installed it.

Distro-bundled ones should already have a log rotate config setup on
/etc/logrotate.d. If you install it from source, see the included
examples on source tarball. For example, redhat/freeradius-logrotate

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log on DB

[AemNet]

Hi everybody

 is there any way log the requests for the radius in a DB like MySQL? 
In other words is possible to put radius.log entry in a DB without use 
the local system syslog daemon?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log not working

[Michael Humphries]

Free radius is accepting requests and everything is working
as it should except that the radius.log is not propagating.  I changed the
IP address of the server and moved it to a new location.  The portmasters
are authenticating to it and I see the requests coming in under radius –X
however radius.log has not changed since the move.  I am not sure where
else to look I have googled this to  no avail. Any help would be great

 

Thank you for choosing 
--
Michael J Humphries 


Penstar Office Center, Suite 101
1431 N. 26th Street
Escanaba, MI 49829
Phone: 906.786.3583 ext. 139
Fax: 906.786.4300
E-Mail: mhumphr...@dstech.us
www.dstech.us

 






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log permissions issue

[Philip Molter]

With freeradius 2.1.6, I have a configuration such as this in my 
radiusd.conf file:


user = radiusd
group = radiusd

When I start up radiusd for the first time, the radius.log file gets 
created with 0640 permissions, owned by root:radiusd, instead of 
radiusd:radiusd.  This doesn't prevent the RADIUS process from working, 
but it does prevent any useful information from being logged.


Is this a known bug?  Is there a workaround other than creating the file 
by hand and setting its ownership before starting freeradius?


Philip
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log question

[Anson Rinesmith]

Most likely, the user did not enter a password to be sent. Thus no
User-Password attribute.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Edgars
> Sent: Wednesday, October 13, 2004 8:08 AM
> To: [EMAIL PROTECTED]
> Subject: radius.log question
> 
> Hello!
> 
> i can't find out why the following sentance is appearing in the line
> below - ...:
> 
> Auth: Login OK: [a/] (from client uz galda
> port 12534 cli 1.1.1.2)
> 
> Edgars
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log question

[Edgars]

but the user is using a password for authentication..
Edgars
Anson Rinesmith wrote:
Most likely, the user did not enter a password to be sent. Thus no
User-Password attribute.
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Edgars
Sent: Wednesday, October 13, 2004 8:08 AM
To: [EMAIL PROTECTED]
Subject: radius.log question
Hello!
i can't find out why the following sentance is appearing in the line
below - ...:
Auth: Login OK: [a/] (from client uz galda
port 12534 cli 1.1.1.2)
Edgars
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
   


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log question

[Alan DeKok]

Edgars <[EMAIL PROTECTED]> wrote:
> but the user is using a password for authentication..

  Yes, but they are not sending that password to the RADIUS server, as
there is no User-Password attribute in the RADIUS packet.

  The user is typing a password into a window on their computer.
Their computer is using that password to do all sorts of work, but it
does NOT send the password to anyone.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in Radius.log

[LeRoy DeVries]

I'm getting the following error in the radius log and don't know how to handle 
it. I assume it's handled somewhere within the radius.conf file but I can't 
find anything about it. 

Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown 
attribute "Max-All-Session"
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from 
database
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting 
user

I'm a newbie to all this and am stumbling along :)

-- 
LeRoy & Dorothy
Location: http://map.datastormusers.com/user2.cfm?user=1591
My Web Page: http://www.rvfulltimer.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in radius.log

[nake116 nake116]

Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored
Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u
dp and 1813/udp, with proxy on 1814/udp.
Fri Feb 18 06:26:50 2005 : Info: Ready to process requests.
 What is cause of this problem ?, and how to fix it ? -

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

errors in radius.log

[Ahmad Cheikh Moussa]

Hi!
I have a freeradius 0.9.3 with Solaris 8.
I got all the time these error messages:
Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS 
1.1.1.1 port 1610613128 has wrong ID
Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS 
1.1.1.1 port 1610613218 has wrong ID
Thu Apr 28 07:22:13 2005 : Error: rlm_radutmp: Logout entry for NAS 
1.1.1.1 port 1610612888 has wrong ID

The NAS is a juniper dslam.
I've searched the mailinglist, but I did't find anything which
could explain this error.
Can anyone tell me what this error means amd how can I get rid
of this ?
regards,
 Ahmad

--
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
Service: [EMAIL PROTECTED] --  http://NetUSE.DE/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

errors in radius.log

[Ahmad Cheikh Moussa]

Hi!
I have a freeradius 0.9.3 with Solaris 8.
I got all the time these error messages:
Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613128 has wrong ID
Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613218 has wrong ID
Thu Apr 28 07:22:13 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610612888 has wrong ID
The NAS is a juniper dslam.
I've searched the mailinglist, but I did't find anything which
could explain this error.
Can anyone tell me what this error means amd how can I get rid
of this ?
regards,
 Ahmad

--
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
Service: [EMAIL PROTECTED] --  http://NetUSE.DE/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Mulitple radius.log files

[Anson Rinesmith]

I am trying to set up a scenario with an Ascend NAS. Using freeradius
0.7.0 as a proxy on FreeBSD 5.2, I can successfully test authentication with ntradping.

I use the users file to do proxying based on
Called-Station-ID, sending different dialed numbers to different radius
servers.

I am getting “Auth: Login OK” and “Auth:
Login incorrect” messages to my radius.log file.

I was thinking if I put a line in the files {} section of radiusd.conf,
that I could make a separate radius.log file based on what realm I proxied to
or Called-Station-ID.

I’ve done some trial and error, but nothing works. Am
I on the right track? Where would I put such a command, or am I just missing
what I should change?

 

logdir = ${localstatedir}//%{Called-Station-ID}/radius.log

is the most logical think I’ve tried.

 

Anson Rinesmith

 

Re: radius.log rotate?

[Dennis Rex]

Not sure which one you are using, but there are scripts for Debian, SuSE
and RH included with the 0.9.3 package.


On Fri, 2004-02-13 at 08:43, Anson Rinesmith wrote:
> Does the radius.log file rotate when it gets large?
> 
> If not, has anyone written a script to do this?
> 
>  
> 
> Thanks,
> 
>  
> 
>  
> 
> Anson
> 
>  
> 
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log rotate?

[Guy Fraser]

Anson Rinesmith wrote:

Does the radius.log file rotate when it gets large?

If not, has anyone written a script to do this?

 

Thanks,

 

 

Anson

 

I have been meaning to look into having the log file dynamically named.

I made a patch for Cistron Radius that dynamically named.

Example:

/var/log/radius/%Y%b%d.log

Today's file is :

/var/log/radius/2004Feb13.log

I will look at this issue, and try to get the patch into CVS.
Hopfully the patch will make it into CVS before v1.0.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log rotate?

[Anson Rinesmith]

I found that for now the easiest way for me is to edit newsyslog.conf
(FreeBSD 4.6) and add that file in there. Works pretty well so far.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Guy Fraser
> Sent: Friday, February 13, 2004 11:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: radius.log rotate?
> 
> Anson Rinesmith wrote:
> 
> > Does the radius.log file rotate when it gets large?
> >
> > If not, has anyone written a script to do this?
> >
> >
> >
> > Thanks,
> >
> >
> >
> >
> >
> > Anson
> >
> >
> >
> I have been meaning to look into having the log file dynamically named.
> 
> I made a patch for Cistron Radius that dynamically named.
> 
> Example:
> 
> /var/log/radius/%Y%b%d.log
> 
> Today's file is :
> 
> /var/log/radius/2004Feb13.log
> 
> I will look at this issue, and try to get the patch into CVS.
> Hopfully the patch will make it into CVS before v1.0.
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log rotate?

[Guy Fraser]

Anson Rinesmith wrote:

I found that for now the easiest way for me is to edit newsyslog.conf
(FreeBSD 4.6) and add that file in there. Works pretty well so far.
 

Absolutely.

After spending a while reading the code in CVS, I have determined it 
will take
a bit of work to have dynamically named log files. In order to make it work
consistantly with the rest of FreeRadius I am considering a rlm_log feature.

This rlm_log feature would be similar to rlm_detail in naming 
convention, but
one significant difference. Some information will not have a radius request
associated with it, so it will have to have a "system" log, where that 
type of
data will be located.

The reason I am considering this feature, is that some people have asked 
for it
and I work for an ISP that administrates other smaller ISP's. I have 
been asked
in the past to give access to people in affialiated ISP's, but they only 
want to
see traffic for their realm. A log file named like :

%L/%{Realm}/%Y%m%d.log

That translates to:

/path/to/logdir/SomeISP.com/20040213.log

Would make it possible to do, and files would be renamed on the fly.

Well, it's Friday night and I'm an hour past going home time, so I'll 
get back
to this on Tuesday {Monday is a holiday :-)}.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log rotate?

[Alex French]

Guy,

That would be a really neat feature for us, too.

If you're considering implementing it, I have a feature request: it 
would be great if there was also the option to have a "complete" 
logfile containing all realms, in addition to the broken-out files. 
This would allow for easier debugging (i.e. if you suspect a user is 
mistyping their realm and don't want to have to tail 5 files to 
check).

Thanks,

Alex

At 5:47 PM -0700 13/02/2004, Guy Fraser wrote:
The reason I am considering this feature, is that some people have 
asked for it
and I work for an ISP that administrates other smaller ISP's. I have 
been asked
in the past to give access to people in affialiated ISP's, but they 
only want to
see traffic for their realm. A log file named like :

%L/%{Realm}/%Y%m%d.log

That translates to:

/path/to/logdir/SomeISP.com/20040213.log

Would make it possible to do, and files would be renamed on the fly.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log rotate?

[Alan DeKok]

Guy Fraser <[EMAIL PROTECTED]> wrote:
> After spending a while reading the code in CVS, I have determined it
> will take a bit of work to have dynamically named log files.

  The largest problem is that the log functions don't take a REQUEST
data structure.  The more I think about it, the more I think that
nearly everything should be keyed off of REQUEST.

> In order to make it work consistantly with the rest of FreeRadius I
> am considering a rlm_log feature.

  Sounds good to me.  I think that the code in the server should move
to a new log API, too...

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log rotate?

[Anson Rinesmith]

if we are making a wish list, I would like to see the error log contain more
info than just Login Incorrect or Login in valid, could it tell us "Username
not found", "Invalid Password", etc...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alex
French
Sent: Saturday, February 14, 2004 4:56 AM
To: [EMAIL PROTECTED]
Subject: Re: radius.log rotate?


Guy,

That would be a really neat feature for us, too.

If you're considering implementing it, I have a feature request: it
would be great if there was also the option to have a "complete"
logfile containing all realms, in addition to the broken-out files.
This would allow for easier debugging (i.e. if you suspect a user is
mistyping their realm and don't want to have to tail 5 files to
check).

Thanks,

Alex

At 5:47 PM -0700 13/02/2004, Guy Fraser wrote:
>The reason I am considering this feature, is that some people have
>asked for it
>and I work for an ISP that administrates other smaller ISP's. I have
>been asked
>in the past to give access to people in affialiated ISP's, but they
>only want to
>see traffic for their realm. A log file named like :
>
>%L/%{Realm}/%Y%m%d.log
>
>That translates to:
>
>/path/to/logdir/SomeISP.com/20040213.log
>
>Would make it possible to do, and files would be renamed on the fly.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

missing radius.log file

[stenmark]

(This should be pretty simple)
I can not find a radius.log file
Is there a setting (maybe in the radiusd.conf) that I missed?

What I can find are these log files:
/usr/local/var/log/radius/radacct/[IP-ADDRESS]/detail-[DATE]
for example:
/usr/local/var/log/radius/radacct/127.0.0.1/detail-20040513

Are these log files the same as the radius.log except broken up into dates?

Thanks,
Evan Stenmark

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Message in "radius.log"

[Jean Frontin]

Hello,

Here is two lines of the radius.log.
Everything in tables looks like okay. Where must I search, I don't 
understand the first line below. So, why is the second line good ?

What does mean "cli" at the end of the second line ?

Wed Jan 31 15:45:05 2007 : Info: rlm_sql (sql): No matching entry in the 
database for request from user [frontin]
Wed Jan 31 15:45:05 2007 : Auth: Login OK: [frontin/xx] (from client 
swsfspare port 0 cli )

Regards

Jean Frontin
System team
I R I T
Université Paul-Sabatier
118, rte de Narbonne
31062 Toulouse cedex 9
France
tel  (33)(0)5 61 55 63 03
mail [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eap-mschapv2 and radius.log

[Scott Armitage]

All,

I have noticed a behaviour in the logging and I'm not sure if it is 
misconfiguration on my part, misunderstanding of the expected behaviour or a 
bug.  If I attempt to log in  using EAP-MSCHAPv2 inside of an eap method (e.g. 
PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of the result 
of the inner EAP. e.g:

Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
cli 02-00-00-00-00-01 via TLS tunnel)
Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
cli 02-00-00-00-00-01 via TLS tunnel)
Thu Dec  6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from client 
pepsi port 0 cli 02-00-00-00-00-01)

This means if I have a user with a bad password I get the following in the log:

Thu Dec  6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
cli 02-00-00-00-00-01 via TLS tunnel)

As the mschap module is waiting for the user to re-enter their password 
eventual it times out.  Therefore this is the only entry in the log.  Which is 
somewhat confusing, as it has actually failed but the only log entry is "Login 
OK".

Has anyone else noticed this behaviour?  or have I configured something wrong?

Regards

Scott Armitage

signature.asc
Description: Message signed with OpenPGP using GPGMail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[Olivier Beytrison]

On 25.03.2013 09:26, AemNet wrote:
> Hi everybody
> 
>  is there any way log the requests for the radius in a DB like MySQL? In
> other words is possible to put radius.log entry in a DB without use the
> local system syslog daemon?

This is not possible directly from freeradius.

What you can do, is tell FreeRadius to log to your syslog deamon (like
syslog-ng) and then tell syslog-ng to write the log within an INSERT
statement for your database. Then you can send this to your database.

Those two links might help you :
http://wiki.freeradius.org/guide/Syslog-HOWTO
http://vermeer.org/docs/1

But this is beyond the scope of the freeradius list

Olivier
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[AemNet]

On 25/03/2013 11:05, Olivier Beytrison wrote:


This is not possible directly from freeradius.

What you can do, is tell FreeRadius to log to your syslog deamon (like
syslog-ng) and then tell syslog-ng to write the log within an INSERT
statement for your database. Then you can send this to your database.

Those two links might help you :
http://wiki.freeradius.org/guide/Syslog-HOWTO
http://vermeer.org/docs/1

But this is beyond the scope of the freeradius list

Olivier
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Thank you for the answer and for the links Olivier, but I prefer don't 
use the syslog system if it's possilbe.
Do you think it's possible instead to use a script (perl/bash anything 
else) after the request arrive and put it in a DB?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[Alex Sharaz]

I the past I've "tail'd" a log file ( this was for squid and not freeradius) 
and piped that into a perl script that would then write things into a database 
but  it's a lot easier using syslog talking to an rsyslog back end database 
that writes things into a database for you.
Rgds
alex

On 25 Mar 2013, at 10:45, AemNet  wrote:

> On 25/03/2013 11:05, Olivier Beytrison wrote:
>> 
>> This is not possible directly from freeradius.
>> 
>> What you can do, is tell FreeRadius to log to your syslog deamon (like
>> syslog-ng) and then tell syslog-ng to write the log within an INSERT
>> statement for your database. Then you can send this to your database.
>> 
>> Those two links might help you :
>> http://wiki.freeradius.org/guide/Syslog-HOWTO
>> http://vermeer.org/docs/1
>> 
>> But this is beyond the scope of the freeradius list
>> 
>> Olivier
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>> 
> 
> Thank you for the answer and for the links Olivier, but I prefer don't use 
> the syslog system if it's possilbe.
> Do you think it's possible instead to use a script (perl/bash anything else) 
> after the request arrive and put it in a DB?
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[A . L . M . Buxey]

Hi,

> Thank you for the answer and for the links Olivier, but I prefer
> don't use the syslog system if it's possilbe.
> Do you think it's possible instead to use a script (perl/bash
> anything else) after the request arrive and put it in a DB?

the SQL module has the psotauth table... you could always create your own
table, then use unlang to populate it with whatever you want in the
post-auth section of the server - for accept or reject packets.  that wont
log ALL that might appear in radiusd logfile (eg server messages)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[Chris Knipe]

Perl & File::Tail works very well for things like this...



On Mon, Mar 25, 2013 at 12:45 PM, AemNet  wrote:

> On 25/03/2013 11:05, Olivier Beytrison wrote:
>
>>
>> This is not possible directly from freeradius.
>>
>> What you can do, is tell FreeRadius to log to your syslog deamon (like
>> syslog-ng) and then tell syslog-ng to write the log within an INSERT
>> statement for your database. Then you can send this to your database.
>>
>> Those two links might help you :
>> http://wiki.freeradius.org/**guide/Syslog-HOWTO
>> http://vermeer.org/docs/1
>>
>> But this is beyond the scope of the freeradius list
>>
>> Olivier
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html 
>>
>>
> Thank you for the answer and for the links Olivier, but I prefer don't use
> the syslog system if it's possilbe.
> Do you think it's possible instead to use a script (perl/bash anything
> else) after the request arrive and put it in a DB?
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html 
>



-- 

Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log on DB

[Olivier Beytrison]

On 25.03.2013 11:45, AemNet wrote:
> Thank you for the answer and for the links Olivier, but I prefer don't
> use the syslog system if it's possilbe.
> Do you think it's possible instead to use a script (perl/bash anything
> else) after the request arrive and put it in a DB?

You could make a perl script which pipe the freeradius log file and then
insert the text into a DB. But again that's beyond the scope of this
list. Freeradius doesn't offer the ability to put the log file into a DB.

Olivier B.
-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: oliv...@heliosnet.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log not working

[A . L . M . Buxey]

Hi,

please do not mail in HTML - look at this junk and the size
of the email!

>  xmlns:o="urn:schemas-microsoft-com:office:office" 
> xmlns:w="urn:schemas-microsoft-com:office:word" 
> xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"; 
> xmlns="http://www.w3.org/TR/REC-html40";>



>Free radius is accepting requests and everything is working
> as it should except that the radius.log is not propagating.  I changed 
> the
> IP address of the server and moved it to a new location.  The portmasters
> are authenticating to it and I see the requests coming in under radius 
> –X
> however radius.log has not changed since the move.  I am not sure where
> else to look I have googled this to  no avail. Any help would be 
> great

there. thats all the text that needs to be in the email.

have you checked file permissions and the real radiusd.conf - what does
radiusd -x   (small x!) giv you when it runs?  FR wont put anything
into radiusd.log whilst in -X mode (all the output goes to the debug
output!)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: radius.log not working

[Michael Humphries]

Sorry about the HTML and that did it I did not realize that when in -x it did 
not write to the log as well. Thank you

Thank you for choosing 
--
Michael J Humphries 


Penstar Office Center, Suite 101
1431 N. 26th Street
Escanaba, MI 49829
Phone: 906.786.3583 ext. 139
Fax: 906.786.4300
E-Mail: mhumphr...@dstech.us
www.dstech.us


-Original Message-
From: freeradius-users-bounces+mhumphries=dstech...@lists.freeradius.org 
[mailto:freeradius-users-bounces+mhumphries=dstech...@lists.freeradius.org] On 
Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: Tuesday, July 07, 2009 1:10 PM
To: FreeRadius users mailing list
Subject: Re: radius.log not working

Hi,

please do not mail in HTML - look at this junk and the size
of the email!

>  xmlns:o="urn:schemas-microsoft-com:office:office" 
> xmlns:w="urn:schemas-microsoft-com:office:word" 
> xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"; 
> xmlns="http://www.w3.org/TR/REC-html40";>



>Free radius is accepting requests and everything is working
> as it should except that the radius.log is not propagating.  I changed 
> the
> IP address of the server and moved it to a new location.  The portmasters
> are authenticating to it and I see the requests coming in under radius 
> –X
> however radius.log has not changed since the move.  I am not sure where
> else to look I have googled this to  no avail. Any help would be 
> great

there. thats all the text that needs to be in the email.

have you checked file permissions and the real radiusd.conf - what does
radiusd -x   (small x!) giv you when it runs?  FR wont put anything
into radiusd.log whilst in -X mode (all the output goes to the debug
output!)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[A . L . M . Buxey]

Hi,

> Is this a known bug?  Is there a workaround other than creating the file  
> by hand and setting its ownership before starting freeradius?

?? how are you starting this server  - the file/directory should be 
radiusd:radiusd
and when run it will do the 'correct thing' 

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Philip Molter]

On Jul 16, 2009, at 4:03 AM, a.l.m.bu...@lboro.ac.uk wrote:


Hi,

Is this a known bug?  Is there a workaround other than creating the  
file

by hand and setting its ownership before starting freeradius?


?? how are you starting this server  - the file/directory should be  
radiusd:radiusd

and when run it will do the 'correct thing'


/usr/sbin/radiusd -d /etc/raddb as user root.  As posted before, the  
config file has directives to switch to user radiusd and group radiusd


The directory has the proper permissions, but the radius.log file  
doesn't exist.  When the radiusd program starts up, it creates the  
radius.log file in the proper directory, but the file has 0640  
permissions owned by user root, group radiusd.


I know that it SHOULD BE radiusd:radiusd.  It is not doing the  
"correct thing".


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[John Dennis]

On 07/16/2009 08:12 AM, Philip Molter wrote:


On Jul 16, 2009, at 4:03 AM, a.l.m.bu...@lboro.ac.uk wrote:


Hi,


Is this a known bug? Is there a workaround other than creating the file
by hand and setting its ownership before starting freeradius?


?? how are you starting this server - the file/directory should be
radiusd:radiusd
and when run it will do the 'correct thing'


/usr/sbin/radiusd -d /etc/raddb as user root. As posted before, the
config file has directives to switch to user radiusd and group radiusd

The directory has the proper permissions, but the radius.log file
doesn't exist. When the radiusd program starts up, it creates the
radius.log file in the proper directory, but the file has 0640
permissions owned by user root, group radiusd.


FWIW, in our RPM's we force the creation of the radius.log file with 
ownership radiusd:radiusd at installation time before the server even runs.


If you don't force the creation of the file with the right ownership 
then I think the issue revolves around when a log message is first 
emitted. The log file gets created the first time a log message is 
emitted. The server starts as root. During it's initialization phase it 
raises and lowers it's operating permissions between the root and 
radiusd user identity via the fr_suid_up() and fr_suid_down() calls. 
When it gets ready to process events it settles down to radiusd via 
fr_suid_down_permanent().


If the first log message occurs when the server is in a fr_suid_up() 
mode (e.g. running as root instead of as radiusd) then you'll get the 
behavior you've seen.


The code paths are way to complicated for static analysis to see if and 
when a log message might be emitted the server is in a high privilege 
mode. It does seem like it might happen if you start the server in debug 
mode because the server is much more verbose.


There are various strategies to assure the newly created log file has 
the right ownership:


* drop privileges prior to calling fopen()
* call chown() after fclose() at the exit of the logging call.
* pre-create the file if necessary very early during start up.

I think the latter is preferable as it avoid the expense of setting or 
checking for the right ownership for every log message emitted (ouch).


--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Philip Molter]

John Dennis wrote:
FWIW, in our RPM's we force the creation of the radius.log file with 
ownership radiusd:radiusd at installation time before the server even runs.


If you don't force the creation of the file with the right ownership 
then I think the issue revolves around when a log message is first 
emitted. The log file gets created the first time a log message is 
emitted. The server starts as root. During it's initialization phase it 
raises and lowers it's operating permissions between the root and 
radiusd user identity via the fr_suid_up() and fr_suid_down() calls. 
When it gets ready to process events it settles down to radiusd via 
fr_suid_down_permanent().


The problem is commit 047fe5ca74e3de2c7f32f98154d6655c0cfd7181.

Before this commit, in switch_users(), permissions were unconditionally 
dropped if a user setting was specified, and the 'did_setuid' boolean 
was set no matter what if setuid capability was even possible (ie. even 
if a user name wasn't specified, did_setuid was set to true).


After this commit, the permission drop was abstracted into 
fr_suid_down(), which checks did_setuid before it does anything.  Since 
did_setuid isn't set, fr_suid_down() doesn't do anything.  After that 
call, did_setuid is set to TRUE, so future calls to fr_suid_down() work 
as expected, but all of the time spent between the code there and the 
code in listen.c is run as root, including a check to see if the 
directory is writable that immediately follows setuid in switch_users(). 
 Previous to that commit, that wasn't the behavior.


Basically, that code is the problem.  I'll try to submit a patch later 
today that fixes the problem.


Yes, if an error occurs, there are log messages that get generated 
before suid operations, but as far as I can tell, they're related to 
fatal errors or debug messages.


There are various strategies to assure the newly created log file has 
the right ownership:


* drop privileges prior to calling fopen()
* call chown() after fclose() at the exit of the logging call.
* pre-create the file if necessary very early during start up.

I think the latter is preferable as it avoid the expense of setting or 
checking for the right ownership for every log message emitted (ouch).


The latter is basically what happens, because in switch_users(), the 
daemon tries to make sure it can write to the file as the user it is. 
If the file exists, it's a simple append.  If the file doesn't exist, it 
creates it.  If it can't write, it bails.  Like I said, it just isn't 
the user it thinks it is when this is called (mainconfig.c:629, version 
2.1.6).


Philip
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Philip Molter]

John Dennis wrote:
There are various strategies to assure the newly created log file has 
the right ownership:


* drop privileges prior to calling fopen()
* call chown() after fclose() at the exit of the logging call.
* pre-create the file if necessary very early during start up.

I think the latter is preferable as it avoid the expense of setting or 
checking for the right ownership for every log message emitted (ouch).


Attached is a patch that fixes the issue.  Given the way that freeradius 
checks for the ability to write to the logfile, it should perform like 
the latter (in my testing, it does exactly that).


The patch does a couple of things:

1) properly handles setuid changes in early configuration times
2) enables fr_suid_down/up/down_permanently noop calls so that compile 
works when HAVE_SETUID is not defined


Philip
diff -urNp a/src/main/mainconfig.c b/src/main/mainconfig.c
--- a/src/main/mainconfig.c 2009-05-18 06:13:55.0 -0500
+++ b/src/main/mainconfig.c 2009-07-16 10:39:34.0 -0500
@@ -78,7 +78,7 @@ static cached_config_t*cs_cache = NULL;
 /*
  * Systems that have set/getresuid also have setuid.
  */
-uid_t server_uid;
+static uid_t server_uid;
 static gid_t server_gid;
 static const char *uid_name = NULL;
 static const char *gid_name = NULL;
@@ -413,9 +413,9 @@ static int r_mkdir(const char *part)
 
 
 #ifdef HAVE_SETUID
-int did_setuid = FALSE;
+static int has_setuid = FALSE;
 
-#if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
+#if defined(HAVE_SETRESUID) && defined(HAVE_GETRESUID)
 void fr_suid_up(void)
 {
uid_t ruid, euid, suid;
@@ -438,7 +438,7 @@ void fr_suid_up(void)
 
 void fr_suid_down(void)
 {
-   if (!did_setuid) return;
+   if (!has_setuid) return;
 
if (setresuid(-1, server_uid, geteuid()) < 0) {
fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
@@ -457,12 +457,7 @@ void fr_suid_down_permanent(void)
 {
uid_t ruid, euid, suid;
 
-   if (!did_setuid) return;
-
-   if (getresuid(&ruid, &euid, &suid) < 0) {
-   radlog(L_ERR, "Failed getting saved uid's");
-   _exit(1);
-   }
+   if (!has_setuid) return;
 
if (setresuid(server_uid, server_uid, server_uid) < 0) {
radlog(L_ERR, "Failed in permanent switch to uid %s: %s",
@@ -474,13 +469,6 @@ void fr_suid_down_permanent(void)
radlog(L_ERR, "Switched to unknown uid");
_exit(1);
}
-
-
-   if (getresuid(&ruid, &euid, &suid) < 0) {
-   radlog(L_ERR, "Failed getting saved uid's: %s",
-  strerror(errno));
-   _exit(1);
-   }
 }
 #else
 /*
@@ -491,7 +479,7 @@ void fr_suid_up(void)
 }
 void fr_suid_down(void)
 {
-   if (!uid_name) return;
+   if (!has_setuid) return;
 
if (setuid(server_uid) < 0) {
fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
@@ -502,8 +490,20 @@ void fr_suid_down(void)
 void fr_suid_down_permanent(void)
 {
 }
-#endif
+#endif /* HAVE_SETRESUID && HAVE_GETRESUID */
+#else
+void fr_suid_up(void)
+{
+}
+void fr_suid_down(void)
+{
+}
+void fr_suid_down_permanent(void)
+{
+}
+#endif /* HAVE_SETUID */
 
+#ifdef HAVE_SETUID
 /*
  *  Do chroot, if requested.
  *
@@ -609,13 +609,8 @@ static int switch_users(CONF_SECTION *cs
 
 #ifdef HAVE_PWD_H
if (uid_name) {
+   has_setuid = TRUE;
fr_suid_down();
-
-   /*
-*  Now core dumps are disabled on most secure systems.
-*/
-   
-   did_setuid = TRUE;
}
 #endif
 
@@ -657,7 +652,7 @@ static int switch_users(CONF_SECTION *cs
 *  Otherwise, disable core dumps for security.
 *  
 */
-   if (!(debug_flag || allow_core_dumps || did_setuid)) {
+   if (!(debug_flag || allow_core_dumps || has_setuid)) {
 #ifdef HAVE_SYS_RESOURCE_H
struct rlimit no_core;
 
@@ -676,7 +671,7 @@ static int switch_users(CONF_SECTION *cs
 *  running as a daemon, AND core dumps are
 *  allowed, AND we changed UID's.
 */
-   } else if ((debug_flag == 0) && allow_core_dumps && did_setuid) {
+   } else if ((debug_flag == 0) && allow_core_dumps && has_setuid) {
/*
 *  Set the dumpable flag.
 */
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Alan DeKok]

John Dennis wrote:
> FWIW, in our RPM's we force the creation of the radius.log file with
> ownership radiusd:radiusd at installation time before the server even runs.

  This should also be in the /etc/init.d/radiusd script.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Alan DeKok]

Philip Molter wrote:
> Attached is a patch that fixes the issue.  Given the way that freeradius
> checks for the ability to write to the logfile, it should perform like
> the latter (in my testing, it does exactly that).
> 
> The patch does a couple of things:
> 
> 1) properly handles setuid changes in early configuration times

  OK.

> 2) enables fr_suid_down/up/down_permanently noop calls so that compile
> works when HAVE_SETUID is not defined

  That's needed, yes.

  I've committed a fix based on this that:

a) does suid down earlier
b) lets it build when HAVE_SETUID is not defined
c) calls chown() on the log file to ensure it has the correct owner

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log permissions issue

[Philip Molter]

Alan DeKok wrote:

Philip Molter wrote:

Attached is a patch that fixes the issue.  Given the way that freeradius
checks for the ability to write to the logfile, it should perform like
the latter (in my testing, it does exactly that).

The patch does a couple of things:

1) properly handles setuid changes in early configuration times


  OK.


2) enables fr_suid_down/up/down_permanently noop calls so that compile
works when HAVE_SETUID is not defined


  That's needed, yes.

  I've committed a fix based on this that:

a) does suid down earlier
b) lets it build when HAVE_SETUID is not defined
c) calls chown() on the log file to ensure it has the correct owner


Thanks Alan.  I'll point out the HAVE_SETUID ifdef used within the 
switch_users() function is redundant.  The entire function is wrapped in 
HAVE_SETUID.


Philip
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

send radius.log to mysql

[cktan]

Dear all,

I'm looking for possibility to inject the log from radius.log into mysql 
DB for some monitoring purpose. Any better suggestion? I tried with 
Syslog-NG and it just won't send radius.log to my syslog server but only 
system log...


Regards
CK

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[Markus Krause]

Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:

> I'm getting the following error in the radius log and don't know how to
> handle
> it. I assume it's handled somewhere within the radius.conf file but I can't
> find anything about it.
>
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown
> attribute "Max-All-Session"
add a line to your dictionary file (on suse:  /etc/raddb/dictionary):
ATTRIBUTE Max-All-Session 3000 integer


> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from
> database
are you sure you set the correct variables in sql.conf, e.g. user who is allowd
to connect to sql db and password?
an example:

sql {
server = "localhost"
login = "radiusd"
password "donttellanyone"
}

> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting
> user
>
> I'm a newbie to all this and am stumbling along :)
>
> --
> LeRoy & Dorothy
> Location: http://map.datastormusers.com/user2.cfm?user=1591
> My Web Page: http://www.rvfulltimer.com
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

regards
  markus

--
Markus Krause   email: [EMAIL PROTECTED]
Computing CenterTel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98

-
 This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[Lewis Bergman]

LeRoy DeVries wrote:
I'm getting the following error in the radius log and don't know how to handle 
it. I assume it's handled somewhere within the radius.conf file but I can't 
find anything about it. 

Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown 
attribute "Max-All-Session"
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from 
database
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting 
user


I'm a newbie to all this and am stumbling along :)

You need to check that the dictionary that contains the attribute 
mentioned is included in /etc/raddb/dictionary or wherever your 
radius.conf lists it. Follow the syntax in that file to include it.


--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 06:15, Markus Krause wrote:
> Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:
> > I'm getting the following error in the radius log and don't know how to
> > handle
> > it. I assume it's handled somewhere within the radius.conf file but I
> > can't find anything about it.
> >
> > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair:
> > Unknown attribute "Max-All-Session"
>
> add a line to your dictionary file (on suse:  /etc/raddb/dictionary):
> ATTRIBUTE Max-All-Session 3000 integer
>

Thanks Markus... Now I'm getting the following

Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed 
in 'authenticate' sections -- they have no such method.

If I remove the sql from that section it doesn't complain. How does sql handle 
this. Also as a side note, I tried logging on using a wireless client and the 
loggin in "failed" both on the sql ( database is populated) and USERS 
(uncommented "steve")  but I can't find any logs on why. 

FWIW I am using Chillispot for a captive portal which uses a SSL web interface 
for the radius server which I config to use sql database and the USERS file. 
The database was made from phpMyPrepaid.  
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[Alan DeKok]

LeRoy DeVries <[EMAIL PROTECTED]> wrote:
> Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed 
> in 'authenticate' sections -- they have no such method.

  Why did you put it there?

> If I remove the sql from that section it doesn't complain. How does
> sql handle this. Also as a side note, I tried logging on using a
> wireless client and the loggin in "failed" both on the sql (
> database is populated) and USERS (uncommented "steve") but I can't
> find any logs on why.

  Try running the server in debugging mode, as suggested in the FAQ,
README, INSTALL, and daily on this list.

  Honestly, I just don't understand why it's so hard to do that.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 09:38, Alan DeKok wrote:
>   Try running the server in debugging mode, as suggested in the FAQ,
> README, INSTALL, and daily on this list.
>
>   Honestly, I just don't understand why it's so hard to do that.
>
>   Alan DeKok.

Sorry I just could not find any info on that. After doing a google search I 
finnaly found it and how to place in debug mode.

Now I why it is failing...

rlm_sqlcounter: Entering module authorize code
Segmentation fault

Now to find out how to fix it. :)

LeRoy  
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 10:12, LeRoy DeVries wrote:
> On Monday 26 December 2005 09:38, Alan DeKok wrote:
> >   Try running the server in debugging mode, as suggested in the FAQ,
> > README, INSTALL, and daily on this list.
> >
> >   Honestly, I just don't understand why it's so hard to do that.
> >
> >   Alan DeKok.
>
> Sorry I just could not find any info on that. After doing a google search I
> finnaly found it and how to place in debug mode.
>
> Now I why it is failing...
>
> rlm_sqlcounter: Entering module authorize code
> Segmentation fault
>
> Now to find out how to fix it. :)

I found the error and corrected it. I forgot to add the query.

LeRoy
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[Markus Krause]

Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:
> On Monday 26 December 2005 06:15, Markus Krause wrote:
> > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:
> > > I'm getting the following error in the radius log and don't know how to
> > > handle
> > > it. I assume it's handled somewhere within the radius.conf file but I
> > > can't find anything about it.
> > >
> > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair:
> > > Unknown attribute "Max-All-Session"
> >
> > add a line to your dictionary file (on suse:  /etc/raddb/dictionary):
> > ATTRIBUTE Max-All-Session 3000 integer
> >
>
> Thanks Markus... Now I'm getting the following
>
> Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed
> in 'authenticate' sections -- they have no such method.
yes, it is not intended to be used in this section ;-) i hope i did not use this
in the example config file i sent you!

> If I remove the sql from that section it doesn't complain. How does sql
> handle
> this. Also as a side note, I tried logging on using a wireless client and the
> loggin in "failed" both on the sql ( database is populated) and USERS
> (uncommented "steve")  but I can't find any logs on why.
what says freeradius if started in debug mode (freeradius -XA) ?
and what says radtest?

regards
   markus
--
Markus Krause   email: [EMAIL PROTECTED]
Computing CenterTel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98

-
 This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 12:41, Markus Krause wrote:
> what says freeradius if started in debug mode (freeradius -XA) ?
> and what says radtest?

I'm finally making progress. Now I'm getting the following:

modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.

even though the password that I entered in the login is correct. 

Now I'm really stuck.

sigh!

LeRoy
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[Markus Krause]

Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:
> On Monday 26 December 2005 12:41, Markus Krause wrote:
> I'm finally making progress. Now I'm getting the following:
>
> modcall: group authorize returns ok for request 0
> auth: type Local
> auth: user supplied User-Password does NOT match local User-Password
> auth: Failed to validate the user.
>
> even though the password that I entered in the login is correct.
i am not an expert but it seems that you (or some module) sets auth-type to
local. what does your authorize and authenticate sections in radiusd.conf look
like?

regards,
  markus


--
Markus Krause   email: [EMAIL PROTECTED]
Computing CenterTel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98

-
 This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 16:02, Markus Krause wrote:
> i am not an expert but it seems that you (or some module) sets auth-type to
> local. what does your authorize and authenticate sections in radiusd.conf
> look like?

Here is that portion

authorize {
preprocess
chap
mschap
suffix
sql
noresetcounter
}

authenticate {
Auth-Type PAP {
pap
}

Auth-Type CHAP {
chap
}

Auth-Type MS-CHAP {
mschap
}

}

the interface between the user and radius is done by a .cgi script

-- 
LeRoy
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error in Radius.log

[LeRoy DeVries]

On Monday 26 December 2005 16:17, LeRoy DeVries wrote:
> On Monday 26 December 2005 16:02, Markus Krause wrote:
> > i am not an expert but it seems that you (or some module) sets auth-type
> > to local. what does your authorize and authenticate sections in
> > radiusd.conf look like?
>
> Here is that portion
>
> authorize {
>   preprocess
>   chap
>   mschap
>   suffix
>   sql
>   noresetcounter
> }
>
> authenticate {
>   Auth-Type PAP {
>   pap
>   }
>
>   Auth-Type CHAP {
>   chap
>   }
>
>   Auth-Type MS-CHAP {
>   mschap
>   }
>
> }
>
> the interface between the user and radius is done by a .cgi script

I found the problem. It was a password error between the Web Server and 
ChilliSpot captive portal. All is working as designed.  Thanks for EVERYONES 
help here.  I have learned alot and I appreciate it very much.

Happy New Year

-- 
LeRoy
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error message in radius.log

[nake116 nake116]

"
Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored
Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u
dp and 1813/udp, with proxy on 1814/udp.
Fri Feb 18 06:26:50 2005 : Info: Ready to process requests.
"
What is problem ? and How to fix it.
Reporting-MTA: dns;hotmail.com
Received-From-MTA: dns;mail.hotmail.com
Arrival-Date: Thu, 17 Feb 2005 23:05:03 -0800

Final-Recipient: rfc822;freeradius-user@lists.freeradius.org
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550 Unknown local part freeradius-user in 
--- Begin Message ---
--- End Message ---

Re: Error in radius.log

[Siderite]

On Fri, 18 Feb 2005 07:22:42 +
"nake116 nake116" <[EMAIL PROTECTED]> wrote:

> Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored
> Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u
> dp and 1813/udp, with proxy on 1814/udp.
> Fri Feb 18 06:26:50 2005 : Info: Ready to process requests.
> 
> 
>  What is cause of this problem ?, and how to fix it ? -

delete the naslist,clients and realms files from the configuration
directory. Freeradius now uses SQL or other files for the same purpose.


-- 
Siderite <[EMAIL PROTECTED]>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors in radius.log

[Ahmad Cheikh Moussa]

Hi!
Do really nobody knows what this error messages mean,
or is this a stupid question ? If so, I'am sorry.
Can someone give me a hint, where I can look at ?
Regards,
 Ahmad
Ahmad Cheikh Moussa wrote:
Hi!
I have a freeradius 0.9.3 with Solaris 8.
I got all the time these error messages:
Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613128 has wrong ID
Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610613218 has wrong ID
Thu Apr 28 07:22:13 2005 : Error: rlm_radutmp: Logout entry for NAS
1.1.1.1 port 1610612888 has wrong ID
The NAS is a juniper dslam.
I've searched the mailinglist, but I did't find anything which
could explain this error.
Can anyone tell me what this error means amd how can I get rid
of this ?
regards,
 Ahmad


--
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
Service: [EMAIL PROTECTED] --  http://NetUSE.DE/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Mulitple radius.log files

[Anson Rinesmith]

Okay, did my cut/paste botch that

The most logical thing I’ve tried
was in

files {

…

logdir = ${localstatedir}/log/radius/%{Called-Station-Id}

…

}

Something similar to what’s in
detail {} where the detail file goes in a directory based on the
Client-IP-Address

 

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith
Sent: Friday, January 16, 2004
3:30 PM
To:
[EMAIL PROTECTED]
Subject: Mulitple radius.log files

 

I am trying to set up a scenario
with an Ascend NAS. Using freeradius 0.7.0 as a proxy on FreeBSD 5.2, I can
successfully test authentication with ntradping.

I use the users file to do proxying
based on Called-Station-ID, sending different dialed numbers to different
radius servers.

I am getting “Auth: Login
OK” and “Auth: Login incorrect” messages to my radius.log
file.

I was thinking if I put a line in
the files {} section of radiusd.conf, that I could make a separate radius.log
file based on what realm I proxied to or Called-Station-ID.

I’ve done some trial and
error, but nothing works. Am I on the right track? Where would I put such a
command, or am I just missing what I should change?

 

logdir =
${localstatedir}//%{Called-Station-ID}/radius.log

is the most logical think I’ve
tried.

 

Anson Rinesmith

 

Re: Mulitple radius.log files

[Alan DeKok]

"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> I am trying to set up a scenario with an Ascend NAS. Using freeradius
> 0.7.0

  You really should upgrade.

> I was thinking if I put a line in the files {} section of
> radiusd.conf, that I could make a separate radius.log file based on
> what realm I proxied to or Called-Station-ID.

  The server does not support that.  I don't know why you would think
that the "radiusd.log" file is configured in the "files" module.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Mulitple radius.log files

[Anson Rinesmith]

"Anson Rinesmith" <[EMAIL PROTECTED]> wrote:
> I am trying to set up a scenario with an Ascend NAS. Using freeradius
> 0.7.0

  You really should upgrade.
I agree, but when I used 0.9.3 I got the sql instantiation error.

> I was thinking if I put a line in the files {} section of
> radiusd.conf, that I could make a separate radius.log file based on
> what realm I proxied to or Called-Station-ID.

  The server does not support that.  I don't know why you would think
that the "radiusd.log" file is configured in the "files" module.
Where is it configured?

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: missing radius.log file

[Anson Rinesmith]

I have two radius servers, one stores them in /usr/local/var/log and the
other in /var/log
Just depends on what version of FR you are using and/or how you set it up in
radiusd.conf

Try doing a find / -name radius.log that should help you find your log file.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of stenmark
> Sent: Friday, May 14, 2004 1:38 PM
> To: [EMAIL PROTECTED]
> Subject: missing radius.log file
> 
> (This should be pretty simple)
> I can not find a radius.log file
> Is there a setting (maybe in the radiusd.conf) that I missed?
> 
> What I can find are these log files:
> /usr/local/var/log/radius/radacct/[IP-ADDRESS]/detail-[DATE]
> for example:
> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20040513
> 
> Are these log files the same as the radius.log except broken up into
> dates?
> 
> Thanks,
> Evan Stenmark
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: missing radius.log file

[Evan Stenmark]

yes, I did a locate radius.log (with a current locate database) as well as a root 
directory find but nothing comes up
This is very strange

Evan Stenmark

-- Original Message --
From: "Anson Rinesmith" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 14 May 2004 12:47:37 -0500

>I have two radius servers, one stores them in /usr/local/var/log and the
>other in /var/log
>Just depends on what version of FR you are using and/or how you set it up in
>radiusd.conf
>
>Try doing a find / -name radius.log that should help you find your log file.
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:freeradius-
>> [EMAIL PROTECTED] On Behalf Of stenmark
>> Sent: Friday, May 14, 2004 1:38 PM
>> To: [EMAIL PROTECTED]
>> Subject: missing radius.log file
>> 
>> (This should be pretty simple)
>> I can not find a radius.log file
>> Is there a setting (maybe in the radiusd.conf) that I missed?
>> 
>> What I can find are these log files:
>> /usr/local/var/log/radius/radacct/[IP-ADDRESS]/detail-[DATE]
>> for example:
>> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20040513
>> 
>> Are these log files the same as the radius.log except broken up into
>> dates?
>> 
>> Thanks,
>> Evan Stenmark
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: missing radius.log file

[Alan DeKok]

"stenmark " <[EMAIL PROTECTED]> wrote:
> (This should be pretty simple)
> I can not find a radius.log file
> Is there a setting (maybe in the radiusd.conf) that I missed?

  Have you tried looking in radiusd.conf for the text "radius.log"?

  Or "log_file"?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: missing radius.log file

[Graeme Hinchliffe]

On Fri, 14 May 2004 13:38:01 -0600
"Evan Stenmark" <[EMAIL PROTECTED]> wrote:

> yes, I did a locate radius.log (with a current locate database) as
> well as a root directory find but nothing comes up This is very
> strange

you have to enable it in the configuration file for FreeRADIUS.

Graeme

> 
> Evan Stenmark
> 
> -- Original Message --
> From: "Anson Rinesmith" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date:  Fri, 14 May 2004 12:47:37 -0500
> 
> >I have two radius servers, one stores them in /usr/local/var/log and
> >the other in /var/log
> >Just depends on what version of FR you are using and/or how you set
> >it up in radiusd.conf
> >
> >Try doing a find / -name radius.log that should help you find your
> >log file.
> >
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >[mailto:freeradius-> [EMAIL PROTECTED] On Behalf Of
> >stenmark> Sent: Friday, May 14, 2004 1:38 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: missing radius.log file
> >> 
> >> (This should be pretty simple)
> >> I can not find a radius.log file
> >> Is there a setting (maybe in the radiusd.conf) that I missed?
> >> 
> >> What I can find are these log files:
> >> /usr/local/var/log/radius/radacct/[IP-ADDRESS]/detail-[DATE]
> >> for example:
> >> /usr/local/var/log/radius/radacct/127.0.0.1/detail-20040513
> >> 
> >> Are these log files the same as the radius.log except broken up
> >into> dates?
> >> 
> >> Thanks,
> >> Evan Stenmark
> >> 
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >
> >
> >- 
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-- 
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)

ICQ 3842605 (link)

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: missing radius.log file

[Evan Stenmark]

Yes, I have searched the radiusd.conf for anything that involves 'log' 
When I had the server set up on our network authenticating requests, the only log file 
that came out of that was:
/usr/local/var/log/radius/radacct//detail-
I see that in the radiusd.conf, and it is actually commented out!
I had the server set to log to radius.log but there is no radius.log file anywhere 
(searched with find and locate as root from root directory)

Also, does the server log radtests?

Evan Stenmark


-- Original Message --
From: "Alan DeKok" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Sat, 15 May 2004 07:03:52 -0400

>"stenmark " <[EMAIL PROTECTED]> wrote:
>> (This should be pretty simple)
>> I can not find a radius.log file
>> Is there a setting (maybe in the radiusd.conf) that I missed?
>
>  Have you tried looking in radiusd.conf for the text "radius.log"?
>
>  Or "log_file"?
>
>  Alan DeKok.
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: missing radius.log file

[Alan DeKok]

"Evan Stenmark" <[EMAIL PROTECTED]> wrote:
> Yes, I have searched the radiusd.conf for anything that involves 'log' 

  Right near the top is "/radius.log"

> I had the server set to log to radius.log but there is no radius.log
> file anywhere (searched with find and locate as root from root
> directory)

  Unless you've edited radiusd.conf to delete the line containing
"radius.log", it will tell you where the file is located.

> Also, does the server log radtests?

  Yes.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: missing radius.log file

[Evan Stenmark]

Someone just sent me an email saying that freeradius does not output a radius.log file 
when running it in debug mode (radiusd -X)
that's what I had been running it in the whole time while testing...that's why I 
didn't have the radius.log
Now it shows up when not in debug mode

Thanks
Evan Stenmark

-- Original Message --
From: "Alan DeKok" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Tue, 18 May 2004 11:28:14 -0400

>"Evan Stenmark" <[EMAIL PROTECTED]> wrote:
>> Yes, I have searched the radiusd.conf for anything that involves 'log' 
>
>  Right near the top is "..../radius.log"
>
>> I had the server set to log to radius.log but there is no radius.log
>> file anywhere (searched with find and locate as root from root
>> directory)
>
>  Unless you've edited radiusd.conf to delete the line containing
>"radius.log", it will tell you where the file is located.
>
>> Also, does the server log radtests?
>
>  Yes.
>
>  Alan DeKok.
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need radius.log as SQL

[Gregory J. Marsh]

I need to completely replace the radius.log file with SQL. 
I need this because I’m running multiple servers and I need the logs in a
single location that can be watched by one helpdesk staffer.  The current
post auth logs only handle accept and reject – I need the complete log. 
For instance, when a shared secret is wrong, I need to know!  My C programming
skills are very rusty so I hope someone has this already so don’t have to
do it myself.  I’m currently using Version 1.1.2.

 

Greg…






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Message in "radius.log"

[Alexander Serkin]

Jean Frontin wrote:
> Hello,
> 
> Here is two lines of the radius.log.
> Everything in tables looks like okay. Where must I search, I don't 
> understand the first line below. So, why is the second line good ?

Perhaps your username is in users file and is not in database?

> 
> What does mean "cli" at the end of the second line ?

calling-station-id


-- 
Sincerely Yours,
Alexander
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log behaviour change v1 -> v2

[Stefan Winter]

Hi,

when doing tunneled EAP methods, the logging behaviour is different between v1 
and v2.

v1 used to be: inner request = localhost, outer request = real client, like 
below:

Wed Dec  5 21:11:11 2007 : Auth: Login OK: [EMAIL PROTECTED] (from 
client localhost port 0)
Wed Dec  5 21:11:11 2007 : Auth: Login OK: [EMAIL PROTECTED] (from client 
radius-1 
port 1 cli 00-13-ce-c2-b1-86)

v2 format is: both are logged as coming from real client, like:

> Thu Mar 27 11:00:00 2008 : Auth: Login incorrect: [EMAIL PROTECTED] (from 
> client 
WLC-Walferdange2 port 0)
> Thu Mar 27 11:00:00 2008 : Auth: Login incorrect: [EMAIL PROTECTED] (from 
> client 
WLC-Walferdange2 port 29 cli 00-1C-BF-73-E6-0A)

That makes parsing the log file more difficult, if the number of 
authentications happening is to be taken out of the radius.log file. If a NAS 
doesn't send Calling-Station-Id, the two are almost not correlatable, except 
for the timestamp and a possibly different port (both seem whacky ways of 
doing it).

Was this change advertantly? Can I get the old behaviour back? Or at least, 
add "-inner" to the client name for inner requests?

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473


signature.asc
Description: This is a digitally signed message part.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

DB handles and radius.log errors

[Irina]

First, thanks to Ivan for help with Simultaneous and to Dennis with
indexing.

I am new to radius, please bear with me.  I will try to describe the problem
as much as I can.

I need to ask if anybody has experienced a problem with DB handles.  Here is
what we have experienced a couple of times.

Both NASes Cisco talk to 1 radius (there is another radius, but it was set
up on NASes as a secondary radius).

Many connections drop at the same time on 1 or both NASes and try to
reconnect.  Radius did not get a proper disconnection, therefore sees many
users connected with Stop = 0.  All Simultaneous Logins are set to 1, so
radius checks if users are connected on NAS.

Below is what I find in radius.log.

Mon Jun 11 14:48:28 2007 : Error: Discarding duplicate request from client
aleph:1645 - ID: 95 due to unfinished request 28856
Mon Jun 11 14:48:33 2007 : Error: Discarding duplicate request from client
aleph:1645 - ID: 95 due to unfinished request 28856
Mon Jun 11 14:48:33 2007 : Error: Check-TS: timeout waiting for checkrad

Mon Jun 11 14:48:48 2007 : Info: rlm_sql (sql): There are no DB handles to
use! skipped 0, tried to connect 0
Mon Jun 11 14:48:48 2007 : Info: rlm_sql (sql): There are no DB handles to
use! skipped 0, tried to connect 0

Also see logouts with no Login record
Mon Jun 11 14:48:52 2007 : Error: rlm_radutmp: Logout for NAS aleph port
1401, but no Login record
Mon Jun 11 14:48:52 2007 : Info: rlm_sql (sql): There are no DB handles to
use! skipped 0, tried to connect 0
Mon Jun 11 14:48:52 2007 : Error: rlm_radutmp: Logout for NAS aleph port
854, but no Login record

I also see few of the following for different usernames
Mon Jun 11 14:50:11 2007 : Error: rlm_sql (sql) in sql_accounting: stop
packet with zero session length. [user '[EMAIL PROTECTED]', nas '216.145.96.1']

Then
Mon Jun 11 14:50:16 2007 : Error: rlm_sql_getvpdata: database query error
Mon Jun 11 14:50:16 2007 : Error: rlm_sql (sql): SQL query error; rejecting
user


Also, radius.log has quite few lines (could be not related to only the
problem I described above, because I see the following lines in radius.log
constantly, with empty string instead of a username)

Wed Jun 13 09:39:26 2007 : Error: rlm_radutmp: Logout for NAS heh port 1099,
but no Login record
Wed Jun 13 09:39:26 2007 : Error: rlm_sql (sql) in sql_accounting: stop
packet with zero session length. [user '', nas '216.145.96.1']


I have increased num_sql_socks to 10.  Is it a reasonable number?  Or this
does not help with this problem and I need to look more into finding and
fixing it.

And/or NASes problem?


Any suggestion is welcome.  Thank you for your help in advance.

Irina


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

DB handles and radius.log errors

[Ivan Kalik]

PS. Example:
 
http://puck.nether.net/pipermail/cisco-nas/2004-January/000474.html
 
checkrad works with one Cisco router but not with another with same
configuration and same IOS version.
 
Ivan Kalik
Kalik Informatika ISP
 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: eap-mschapv2 and radius.log

[Scott Armitage]

On 6 Dec 2012, at 11:33, Scott Armitage 
 wrote:

> All,
> 
> I have noticed a behaviour in the logging and I'm not sure if it is 
> misconfiguration on my part, misunderstanding of the expected behaviour or a 
> bug.  If I attempt to log in  using EAP-MSCHAPv2 inside of an eap method 
> (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of 
> the result of the inner EAP. e.g:
> 
> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
> cli 02-00-00-00-00-01 via TLS tunnel)
> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
> cli 02-00-00-00-00-01 via TLS tunnel)
> Thu Dec  6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from 
> client pepsi port 0 cli 02-00-00-00-00-01)
> 
> This means if I have a user with a bad password I get the following in the 
> log:
> 
> Thu Dec  6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
> cli 02-00-00-00-00-01 via TLS tunnel)
> 
> As the mschap module is waiting for the user to re-enter their password 
> eventual it times out.  Therefore this is the only entry in the log.  Which 
> is somewhat confusing, as it has actually failed but the only log entry is 
> "Login OK".
> 
> Has anyone else noticed this behaviour?  or have I configured something wrong?
> 
> Regards
> 
> Scott Armitage-
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0

Regards

Scott

signature.asc
Description: Message signed with OpenPGP using GPGMail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: eap-mschapv2 and radius.log

[Scott Armitage]

On 6 Dec 2012, at 14:07, Scott Armitage  wrote:

> 
> On 6 Dec 2012, at 11:33, Scott Armitage 
> wrote:
> 
>> All,
>> 
>> I have noticed a behaviour in the logging and I'm not sure if it is 
>> misconfiguration on my part, misunderstanding of the expected behaviour or a 
>> bug.  If I attempt to log in  using EAP-MSCHAPv2 inside of an eap method 
>> (e.g. PEAP/EAP-MSCHAPv2) I see "Login OK:" for the outer EAP regardless of 
>> the result of the inner EAP. e.g:
>> 
>> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
>> cli 02-00-00-00-00-01 via TLS tunnel)
>> Thu Dec  6 11:10:55 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
>> cli 02-00-00-00-00-01 via TLS tunnel)
>> Thu Dec  6 11:10:56 2012 : Auth: Login OK: [anonym...@lboro.ac.uk] (from 
>> client pepsi port 0 cli 02-00-00-00-00-01)
>> 
>> This means if I have a user with a bad password I get the following in the 
>> log:
>> 
>> Thu Dec  6 11:21:37 2012 : Auth: Login OK: [scott] (from client pepsi port 0 
>> cli 02-00-00-00-00-01 via TLS tunnel)
>> 
>> As the mschap module is waiting for the user to re-enter their password 
>> eventual it times out.  Therefore this is the only entry in the log.  Which 
>> is somewhat confusing, as it has actually failed but the only log entry is 
>> "Login OK".
>> 
>> Has anyone else noticed this behaviour?  or have I configured something 
>> wrong?
>> 
>> Regards
>> 
>> Scott Armitage-
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
> 
> 
> Sorry forgot to say. I notice this with both FreeRADIUS Version 2.2.0 and 3.0


ignore this, I was just being dumb.  I had enabled SoH and the first OK is the 
SoH.




signature.asc
Description: Message signed with OpenPGP using GPGMail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log with timestamp in filename

[RadiusGuy]

Hi all,

I'm using FreeRADIUS Version 2.0.4 and i would like to have timestamps
within the filename of the radius.log, i.e. radius.log-20090804. For the
other logfiles, like the detailfile, this is the default setting in the
radiusd.conf:

detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

In good faith I have tried the same thing with the radius.log...

file = ${logdir}/radius.log-%Y%m%d

but it didn't work. Freeradius then creates a logfile with the explicit name
radius.log-%Y%m%d, but not with the timestamp of the actual day. Can anyone
help?

Thanks in advance!
-- 
View this message in context: 
http://www.nabble.com/radius.log-with-timestamp-in-filename-tp24804436p24804436.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

unexpected message in the radius.log

[Edgars]

Hello,
today figured out that on FR 1.0.1 the following Info message appears if 
the user enter an incorrect password:
Info: rlm_sql (sql): No matching entry in the database for request from 
user [edgars]

In the previous versions i think it was like usual - Login incorrect bla 
bla bla.
Has this been changed?

Thanks!
Edgars
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: send radius.log to mysql

[cktan]

The main reason is to monitor the login activity for my radius server 
i.e. Login Accept, Reject or Deny.


cktan wrote:

Dear all,

I'm looking for possibility to inject the log from radius.log into 
mysql DB for some monitoring purpose. Any better suggestion? I tried 
with Syslog-NG and it just won't send radius.log to my syslog server 
but only system log...


Regards
CK



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: send radius.log to mysql

[Gideon le Grange]

On 17 Dec 2010, at 11:13 AM, cktan wrote:

> 
> I'm looking for possibility to inject the log from radius.log into mysql DB 
> for some monitoring purpose. Any better suggestion? I tried with Syslog-NG 
> and it just won't send radius.log to my syslog server but only system log...
> 

Have a look at rsyslog http://www.rsyslog.com/

G


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: send radius.log to mysql

[cktan]

Hi G,

thank for your suggestion. Just noticed I can log a post-auth reject 
message into sql and it was work fine for me. However, it is only for 
Reject message but for the Denied message where is the user account's 
attribute is set to deny. Is that possible the post-auth can log for 
Denied message?


Regards
cK

Gideon le Grange wrote:

On 17 Dec 2010, at 11:13 AM, cktan wrote:

  

I'm looking for possibility to inject the log from radius.log into mysql DB for 
some monitoring purpose. Any better suggestion? I tried with Syslog-NG and it 
just won't send radius.log to my syslog server but only system log...




Have a look at rsyslog http://www.rsyslog.com/

G


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error in the Radius.log file

[Nader Sayeh]

Hi...

 

I have two FreeRadius System on RH9 working with Oracle9 DB each have its
own DB at the same server, I found in the radius.log file this message: 

 

There is no DB handle to use! Skipped 0, tried to connect 0

 

What is the cause of this problem and how could I solve it?

 

Another that the Access Servers write on both Radius Systems, but in the
Reporting from the DB there is a big difference between the two reports, how could
I check the reason for the difference?

 

Thanks in advance for your help.

 

Regards,

 

Nader Sayeh

 








*
The contents of this email and any attachments are confidential. It is 
intended for the named recipient(s) only. If you have received this email 
in error please notify the system manager or  the sender immediately and 
do not disclose the contents to any one or make copies.
*
PALTEL E-Safety System scanned this email and found NO viruses, 
vandals or malicious content.
*
Should you need any information or clarifications regarding this system, 
please do not hesitate to contact our team at the IP Dep. 
<[EMAIL PROTECTED]>.
*

Re[2]: errors in radius.log

[William]

Greetings,
  This error message means that your NAS's are sending a different ID when the 
user disconnects, than the one the NAS sent when the user conencted.  Radius 
cannot associeate the disconnect with the connect without the same ID.
  Your NAS is the one sending the wrong ID's.



On Wed, 04 May 2005 11:46:55 +0200 Ahmad Cheikh Moussa <[EMAIL PROTECTED]> 
wrote:
> Hi!
> 
> Do really nobody knows what this error messages mean,
> or is this a stupid question ? If so, I'am sorry.
> 
> Can someone give me a hint, where I can look at ?
> 
> Regards,
>   Ahmad
> 
> Ahmad Cheikh Moussa wrote:
> > Hi!
> > 
> > I have a freeradius 0.9.3 with Solaris 8.
> > I got all the time these error messages:
> > 
> > Thu Apr 28 07:21:55 2005 : Error: rlm_radutmp: Logout entry for NAS
> > 1.1.1.1 port 1610613128 has wrong ID
> > Thu Apr 28 07:22:05 2005 : Error: rlm_radutmp: Logout entry for NAS
> > 1.1.1.1 port 1610613218 has wrong ID
> > Thu Apr 28 07:22:13 2005 : Error: rlm_radutmp: Logout entry for NAS
> > 1.1.1.1 port 1610612888 has wrong ID
> > 
> > The NAS is a juniper dslam.
> > I've searched the mailinglist, but I did't find anything which
> > could explain this error.
> > 
> > Can anyone tell me what this error means amd how can I get rid
> > of this ?

--

-William Ragsdale   -http://www.netonecom.net
-Server Administrator -Office Hours -NetOne Communications, Inc.
-Work: 231-734-2917 10AM - 7PM  -2186 US 10
-FAX:  231-734-6395 -Sears, MI  49679




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

python module log back to radius.log

[Michael da Silva Pereira]

Hi All,

I previously used a perl module and wrote content back to the radius.log 
file by using:

&radiusd::radlog(0,"rlm_perl::Detaching. Reloading. Done.");

Has anybody got something doing this in python,
I don't really want to open up the file and write data into it as 
radiusd has the file open already.


Thanks,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: DB handles and radius.log errors

[tnt]

There are quite a few droped packets here. And vry slow
communication. That first request was processed for more than 5 seconds
which is way too long. It looks like chackrad is haging for a very, very
long time. Can you run  radiusd -X and post the output (or attach it to
e-mail) when this happens.

It is quite likely that the problem is with checkrad OIDs and that it
just hangs there waiting for an answer.

Ivan Kalik
Kalik Informatika ISP


Dana 13/6/2007, "Irina" <[EMAIL PROTECTED]> piše:

>First, thanks to Ivan for help with Simultaneous and to Dennis with
>indexing.
>
>I am new to radius, please bear with me.  I will try to describe the problem
>as much as I can.
>
>I need to ask if anybody has experienced a problem with DB handles.  Here is
>what we have experienced a couple of times.
>
>Both NASes Cisco talk to 1 radius (there is another radius, but it was set
>up on NASes as a secondary radius).
>
>Many connections drop at the same time on 1 or both NASes and try to
>reconnect.  Radius did not get a proper disconnection, therefore sees many
>users connected with Stop = 0.  All Simultaneous Logins are set to 1, so
>radius checks if users are connected on NAS.
>
>Below is what I find in radius.log.
>
>Mon Jun 11 14:48:28 2007 : Error: Discarding duplicate request from client
>aleph:1645 - ID: 95 due to unfinished request 28856
>Mon Jun 11 14:48:33 2007 : Error: Discarding duplicate request from client
>aleph:1645 - ID: 95 due to unfinished request 28856
>Mon Jun 11 14:48:33 2007 : Error: Check-TS: timeout waiting for checkrad
>
>Mon Jun 11 14:48:48 2007 : Info: rlm_sql (sql): There are no DB handles to
>use! skipped 0, tried to connect 0
>Mon Jun 11 14:48:48 2007 : Info: rlm_sql (sql): There are no DB handles to
>use! skipped 0, tried to connect 0
>
>Also see logouts with no Login record
>Mon Jun 11 14:48:52 2007 : Error: rlm_radutmp: Logout for NAS aleph port
>1401, but no Login record
>Mon Jun 11 14:48:52 2007 : Info: rlm_sql (sql): There are no DB handles to
>use! skipped 0, tried to connect 0
>Mon Jun 11 14:48:52 2007 : Error: rlm_radutmp: Logout for NAS aleph port
>854, but no Login record
>
>I also see few of the following for different usernames
>Mon Jun 11 14:50:11 2007 : Error: rlm_sql (sql) in sql_accounting: stop
>packet with zero session length. [user '[EMAIL PROTECTED]', nas '216.145.96.1']
>
>Then
>Mon Jun 11 14:50:16 2007 : Error: rlm_sql_getvpdata: database query error
>Mon Jun 11 14:50:16 2007 : Error: rlm_sql (sql): SQL query error; rejecting
>user
>
>
>Also, radius.log has quite few lines (could be not related to only the
>problem I described above, because I see the following lines in radius.log
>constantly, with empty string instead of a username)
>
>Wed Jun 13 09:39:26 2007 : Error: rlm_radutmp: Logout for NAS heh port 1099,
>but no Login record
>Wed Jun 13 09:39:26 2007 : Error: rlm_sql (sql) in sql_accounting: stop
>packet with zero session length. [user '', nas '216.145.96.1']
>
>
>I have increased num_sql_socks to 10.  Is it a reasonable number?  Or this
>does not help with this problem and I need to look more into finding and
>fixing it.
>
>And/or NASes problem?
>
>
>Any suggestion is welcome.  Thank you for your help in advance.
>
>Irina
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

reject reason logged in radius.log. Possible?

[Daniele Albrizio]

I recently set up a banned mac address database to reject authentication
from proved compromised clients.

I'd like to have a significant record in freeradius logfile for
connection debugging reasons.

Ways I use to implement this results in ambiguous "Invalid user" or
"Login incorrect" misleading messages in radius.log .

Users are in effect valid and correct, but their equipment is not.

Does anybody know how this scenario can be improved?

---

Relevant lines of default virtual server authorize section are:

authorize {
  if ( "%{Calling-Station-Id}" =~ /([a-fA-F0-9]{2}.?){6}/ && "%{sql:
SELECT 1 FROM callingstidbanlist WHERE mac='%{Calling-Station-Id}'}" ==
1  ) {
update reply {
  # Select ban reason from radgroupreply Port-Message attribute
related to the ban group
  Reply-Message := "Access forbidden from this terminal ( %{sql:
SELECT value FROM radgroupreply  WHERE attribute = 'Port-Message' AND
groupname IN (SELECT bangroup FROM callingstidbanlist WHERE mac =
'%{Calling-Station-Id}' ) ; } ) ."
}
#update control {
#   Auth-Type := Reject
#}
# Line in radius.log:
# Auth: Login incorrect: [myusername] (from client wall1-wigate1
port 122 cli 00-1C-CC-C3-C7-1A)

reject
# Line in radius.log:
# Auth: Invalid user: [myusername] (from client wall1-wigate1 port
122 cli 00-1C-CC-C3-C7-1A)
  }
}


-- 
   Daniele ALBRIZIO - albri...@univ.trieste.it
   Tel. +39-040.558.3319
UNIVERSITY OF TRIESTE - Network Services
Divisione V - Infrastrutture e Servizi Informativi
  via Alfonso Valerio, 12 I-34127 Trieste, Italy
Sezione Infrastrutture Informatiche e Telematiche
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to Change radius.log format messages

[Luís Cláudio Veiga]

Hello everybody,

i'm trying to find a way to modify radiusd.conf  to change radius.log
bellow messages:

*This:*

Fri Mar 15 17:03:04 2013 : Auth: *Login incorrect:
[*foo_number1/]
(from client 192.168.10 port 118751232)
Fri Mar 15 17:03:27 2013 : Auth: *Login incorrect:* (rlm_chap: Clear text
password not available): [foo_number2/] (from client
192.168.1.10 port 118751232)

*into this:*

Fri Mar 15 17:03:04 2013 : Auth: *Login incorrect - Username Invalid:*
[foo_number1/]
(from client 192.168.10 port 118751232)
Fri Mar 15 17:03:27 2013 : Auth: *Login incorrect - Invalid Password:*
(rlm_chap:
Clear text password not available): [foo_number2/] (from
client 192.168.1.10 port 118751232)


*My primary server is running:*

radiusd: FreeRADIUS Version 1.0.1, for host , built on Jun 14 2005 at
12:19:08
Copyright (C) 2000-2003 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

*My secondary server is running*:

radiusd: FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu, built on
Jan 26 2010 at 18:56:10
Copyright (C) 2000-2006 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

All users with different permissions are configured in a flat
file(/etc/raddb/users)

Thanks for any help,

Luis Veiga
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radius.log with timestamp in filename

[Alan DeKok]

RadiusGuy wrote:
> In good faith I have tried the same thing with the radius.log...
> 
> file = ${logdir}/radius.log-%Y%m%d
> 
> but it didn't work. Freeradius then creates a logfile with the explicit name
> radius.log-%Y%m%d, but not with the timestamp of the actual day. Can anyone
> help?

  Write a cron job to rename the file.

  Dynamically expanding the filename for *every* log message is an
enormous waste of time.  The filename changes only once a day, so it
should be renamed only once a day.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Any questions about "radius.log" and mysql ?

[Jean Frontin]

Hello everybody,
1) I run freeradius 1.0.0pre2 by the command :
% ./radiusd -xX >out.log
In radiusd.conf I put all items to create "radius.log" but why do I never 
see this file ?

2) I have the same question about sqltrace : I put sqltrace = yes in 
sql.conf and I don't see the file sqltrace.sql ?

3) When radiusd examines packet request from a user I obtain the message :
rlm_sql (sql): No matching entry in the database for request from user 
[00:02...]

But when I run queries manually on mysql I obtain answers.
What mistakes do I do !
Thanks you in advance !

Jean Frontin
System team
I R I T
Université Paul-Sabatier
118, rte de Narbonne
31062 Toulouse cedex 04
France
tel  (33)(0)5 61 55 63 03
mail [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radius.log file showing proxy not server

[Peter Kolbe]

Hi,
I am running freeradius freeradius-1.0.0-pre3
I want the /var/log/radius log to reflect NAS-IP-Address (or ideally nas 
FQDN name) not the Client-IP-Address.

I have made a change in the config file that sorted out the detail logs
Can somebody please tell me what config-options I need to change, or 
what I need to change in the source

(Ideally I would like it to work like cistron used to)
Thanks
Peter

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Missing radius.log file and radacct folder

[zack musa]

Hi
I'm using users file for authentication.the problem is
there are no radius directory inside var directory. so
there are no record or information about users. 
1. is this directory automatically created when I
installed freeradius?
2. What may caused this to happen? Insatllation?
Misconfiguration ? Any commented entry that should be
uncomment? - I already try to find all radius.log 
3. When I run the radius deamon with other option such
as  -y, there are error messege that i get, which like
Fail to create PID ...no such file or
directory is this the effect of the missing radius
directory that stored user information? or is there
other reason on it?
4. Except I mkdir a radius directory and create a
radius.log file and radacct directory in it, is there
any other way so that the logfile exist (such as run
some miss execute file or else) so it can work
appropriately with FR server?   



__ 
Do you Yahoo!? 
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
http://info.mail.yahoo.com/mail_250

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html