LOGs of eap-tls authentication

inelec communication inelec_communication at yahoo.fr
Mon Sep 10 10:23:19 CEST 2007


hello,
  running radius in debug mode doesn't give any log file, I mean it doesn't give logs in radiusd.log; if you give me your result when you have run radiusd -X -A perhaps I can help
   
  regards
  

anoop_c at sifycorp.com wrote:
  
Hi

1  I am using eap-tls authentication. My setup is working well with certificates.
   I am unable to get logs of user login ok or denied in the radius.log file

[root at anoop sbin]# radiusd -X -A
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/07xwifi.pem"
 tls: certificate_file = "/etc/1x/07xwifi.pem"
 tls: CA_file = "/etc/1x/root.pem"
 tls: private_key_password = "password"
 tls: dh_file = "/etc/1x/DH"
 tls: random_file = "/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
WARNING: rlm_eap_tls: Unable to set DH parameters.  DH cipher suites may not work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
rlm_eap: Loaded and initialized type tls
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

2  I am using certificate based authentication so do I need to edit anything in the users file?

Thanks and regards
Anoop

