Hacking to oblivion...that's an interesting way of putting it.<br><br>The only things I changed:<br>Changed the directory locations such as prefix and instance_prefix to my locations,<br>Changed user and pass,<br>Changed Listening port,<br>
Changed type from authentication to accounting only<br>*Added the detail section at the bottom and configure the directory locations etc... <br>Oh and I turned off proxying, virtualhosting, and added the detail {} section AFTER I had already realized the detail logging didn't seem to be logging anywhere although I could confirm that it was taking the accounting packets since I could see the errors in the radius.log if I set the secret incorrectly. But those 1 or 2 errors were the only logging I could get.<br>
<br>The only hacking out of anything I did was to remove the commented sections when I copy/pasted into this email just to keep the email from growing insanely long.<br><br>Also this is version 2.1.3(since I managed to forget to add that info originally. But I will do as you suggested anyway.<br>
<br>Here's a diff of my edited radiusd.conf and the original radiusd.conf(COMPLETELY UNMODIFIED - /opt/freeradius/etc/raddb/radiusd.conf):<br>bash-3.00# diff radiusd.conf /opt/freeradius/etc/raddb/radiusd.conf <br>54c54<br>
< prefix = /opt/freeradius<br>---<br>> prefix = /opt/freeradius-2.1.3<br>56,58c56,57<br>< instance_prefix = /opt/voip/freeradius<br>< sysconfdir = ${instance_prefix}/etc<br>< localstatedir = ${instance_prefix}/var<br>
---<br>> sysconfdir = ${prefix}/etc<br>> localstatedir = ${prefix}/var<br>60,62c59,61<br>< logdir = ${instance_prefix}/logs<br>< raddbdir = ${instance_prefix}/etc<br>< radacctdir = ${instance_prefix}/var/radacct<br>
---<br>> logdir = ${localstatedir}/log/radius<br>> raddbdir = ${sysconfdir}/raddb<br>> radacctdir = ${logdir}/radacct<br>70c69<br>< run_dir = ${localstatedir}/run<br>---<br>> run_dir = ${localstatedir}/run/radiusd<br>
168,169c167,168<br>< user = *******<br>< group = *******<br>---<br>> #user = radius<br>> #group = radius<br>252c251<br>< type = acct<br>---<br>> type = auth<br>277c276<br>< port = 1813<br>
---<br>> port = 0<br>309,310c308,309<br>< #listen {<br>< # ipaddr = *<br>---<br>> listen {<br>> ipaddr = *<br>312,313c311,312<br>< # port = 0<br>< # type = acct<br>---<br>> port = 0<br>
> type = acct<br>316c315<br>< #}<br>---<br>> }<br>526,527c525,526<br>< proxy_requests = no<br>< #$INCLUDE proxy.conf<br>---<br>> proxy_requests = yes<br>> $INCLUDE proxy.conf<br>780,816c779<br>
< #$INCLUDE sites-enabled/<br>< <br>< detail {<br>< # Note that we do NOT use NAS-IP-Address here, as<br>< # that attribute MAY BE from the originating NAS, and<br>< # NOT from the proxy which actually sent us the<br>
< # request. The Client-IP-Address attribute is ALWAYS<br>< # the address of the client which sent us the<br>< # request.<br>< #<br>< # The following line creates a new detail file for<br>
< # every radius client (by IP address or hostname).<br>< # In addition, a new detail file is created every<br>< # day, so that the detail file doesn't have to go<br>
< # through a 'log rotation'<br>< #<br>< # If your detail files are large, you may also want<br>< # to add a ':%H' (see doc/variables.txt) to the end<br>
< # of it, to create a new detail file every hour, e.g.:<br>< #<br>< # ..../detail-%Y%m%d:%H<br>< #<br>< # This will create a new detail file for every hour.<br>
< #<br>< detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d<br>< #detailfile = ${radacctdir}/%{NAS-IP-Address}/detail-%Y%m%d<br>< #detailfile = ${radacctdir}/detail.log<br>
< <br>< #<br>< # The Unix-style permissions on the 'detail' file.<br>< #<br>< # The detail file often contains secret or private<br>
< # information about users. So by keeping the file<br>< # permissions restrictive, we can prevent unwanted<br>< # people from seeing that information.<br>< detailperm = 0600<br>
< }<br>---<br>> $INCLUDE sites-enabled/<br><br><div class="gmail_quote">On Fri, Jan 16, 2009 at 12:39 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">Brad Clemmons Jr wrote:<br>
> The issue I'm having now though is that I can't seem to get the detail<br>
> logging to work so the only time I get any logs is if I purposefully<br>
> foul something up to cause it to error. Right now I have the detail<br>
> statement at the bottom of the file.<br>
<br>
</div> Right there... there's a problem.<br>
<br>
The default configuration logs to the detail file. There is literally<br>
*nothing* you need to do to configure it to log to the detail file.<br>
<div class="Ih2E3d"><br>
> I've tried moving it into the<br>
> modules section but that didn't make any different. I also tried<br>
> manually specifying the fully qualified path for the log file as well to<br>
> no avail.<br>
<br>
</div> Making random changes without understanding how the server works won't<br>
help.<br>
<div class="Ih2E3d"><br>
> I verified user and group permissions in the necessary directories, but<br>
> I must still be missing something. Anyone able to point out what's<br>
> wrong but right under my nose?<br>
><br>
> Also it's worth noting this is running on Solaris10x86 under a zone.<br>
<br>
</div> You're either running an old version of the server, OR you've hacked<br>
the default configuration files into oblivion.<br>
<div class="Ih2E3d"><br>
<br>
> #$INCLUDE sites-enabled/<br>
><br>
> detail {<br>
> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d<br>
> #detailfile = ${radacctdir}/%{NAS-IP-Address}/detail-%Y%m%d<br>
> #detailfile = ${radacctdir}/detail.log<br>
> detailperm = 0600<br>
> }<br>
<br>
</div> And... yes. You've completely butchered the default configuration files.<br>
<br>
Don't do that.<br>
<br>
Throw away everything you've done. Replace it with the default<br>
configuration files. Add a client definition. Run it in debugging<br>
mode. Send it accounting packets. Verify that it writes to the detail<br>
file.<br>
<br>
15 minutes. Tops.<br>
<br>
What you've done is clearly to make drastic changes to the<br>
configuration files without understanding how it works. There *is*<br>
documentation on the configuration files. Please *read* it before<br>
editing them. There *are* lots of examples. Please read them.<br>
<font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/devel.html" target="_blank">http://www.freeradius.org/list/devel.html</a><br>
</font></blockquote></div><br><br clear="all"><br>