linelog and rlm_eap
Kolbjørn Barmen
kolbjorn.barmen at uninett.no
Fri Mar 11 08:15:39 CET 2011
On Tue, 8 Mar 2011, Phil Mayers wrote:
> On 03/08/2011 03:58 PM, Kenneth Marshall wrote:
> > On Tue, Mar 08, 2011 at 04:44:53PM +0100, Kolbj??rn Barmen wrote:
> > >
> > > Is it possible to use the linelog to provide a "debug light" for
> > > rlm_eap and submodules? What I'm looking for is some way to tell why
> > > an authentication has failed for a given login attempt, without
> > > resorting to full debugging. If it is possible, example
> > > configuration is most welcome.
> > >
> > > Thanks!
> > >
> > > --
> > > Kolbjørn Barmen
> > > UNINETT Driftsenter
> >
> > You can use raddebug to enable debugging for just the problem
> > user. That is usually much easier than trying to instrument the
> > radius process piecemeal.
>
> But not much use if you're asked about it hours later...
Exactly.
What I meant to ask for, is some way of having more usefull information
from failed logins. Today we're using ldap backend, and the only error
message that comes in the log is "rlm_ldap: User not found", regardless
of what the real cause is. Typically the only way I have found today is
to run debugging and read through the entire session to see what the
output from the various rlm_eap_*-modules is. Would be excellent if one
could use linelog to create a log of how the eap-negotiation progresses
for every login.
Thanks again.
--
Kolbjørn Barmen
UNINETT Driftsenter
More information about the Freeradius-Users
mailing list