Freeradius-Users Digest, Vol 129, Issue 10

Peter Hutchison p.j.hutchison at hud.ac.uk
Thu Jan 7 10:38:59 CET 2016 

>Hi,

> TBH, iu cant recall if expansions work for that section in radiusd.conf - if theres a quirky bug it wont get fixed in 2.1.12

Our Ubuntu server setup uses packages from http://packages.ubuntu.com using apt-get, they are still providing v2.1.12 and they have not changed to v3 yet. Not sure why Ubuntu support have not updated the packages for customers when its out of date....


>but for logging there are 2 ways that do work....and should work fine


>1) use the 'detail' module

>2) use linelog

The detail log is not really what I want. I just want to record requests. It is working for 'default' and 'inner-tunnel' but nothing else :(

I tried the linelog method, and that didn't work either. No logs generated.

I am not even sure that detail logging is working either. There are a couple of old log files in the radacct directory but nothing newer.

>for the details module - i think you are using this(!) ? you should be looking at modules/detail.log file - as thats the file that is actuslly >used for auth_log et al


>and if %{Virtual-Server} expansion doesnt work there - easy, just create a new detail entry eg

>eduroam_auth_log and call that instead of auth_log in relevant section of the virtual server - and do the same for the other calls to log >functions

>eg

>detail eduroam_auth_log {
>       detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
>       detailperm = 0600
>        suppress {
>                User-Password
>                EAP-MSK
>                EAP-EMSK
>                EAP-Message
>               MS-MPPE-Recv-Key
>               MS-MPPE-Send-Key
>               MS-MPPE-Encryption-Policy
>               MS-MPPE-Encryption-Types
>        }
}


> ..for linelog, simply look at the modules/linelog file and configure as required....or make a new one eg

>linelog eduroam-linelog {
><put config here!>
>}

> and then call linelog in relevant place to capture required bits - linelog is generally better as the output can be nicely customised to >contain exactly the stuff needed in format needed...

I tried this method, freeradius -X started up ok. But no logs generated...
I am stuck at this point.

>obviously there are many other methods - eg using the buffered-sql virtual server and copying detail output asynchronously to an SQL server so >you have logs in database format (great for searching)

>some of this may only be applicable to 2.2.x - but thats what you should be running as a minimum these days (and even that is around end of >support time)

Any other ideas?

BTW, what version of Freeradius are you using?


Peter Hutchison MCP
Senior Network Systems SpecialistS
S 01484 473716
Infrastructure Team
University of Huddersfield | Queensgate | Huddersfield | HD1 3DH



University of Huddersfield inspiring tomorrow's professionals.
[http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg]

This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.

More information about the Freeradius-Users mailing list