radmin - problem with setting up username based filter as condition

Fekete Tamás fektom at gmail.com
Mon Jan 21 15:54:52 CET 2019


> It does work.  Especially if you use a different user name.

First I set up these:
[root at compiler radius]# radmin
radmin version 3.0.17, built on Jan 11 2019 at 08:31:34 - FreeRADIUS Server
administration tool.
Copyright (C) 2008-2017 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
radmin> debug level 4
radmin> debug condition '(User-Name == "bob")'
radmin> debug file bob.log
radmin> show debug level
4
radmin> show debug condition
&User-Name == "bob"
radmin> show debug file
/usr/local/var/log/radius/bob.log
radmin>

Then I ran two different test cases with two different user names, and the
size of the output file (bob.log) increased (mind the ls -l output below):

[root at compiler radius]# radtest bob hello localhost 0 testing123
Sent Access-Request Id 95 from 0.0.0.0:44499 to 127.0.0.1:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Received Access-Accept Id 95 from 127.0.0.1:1812 to 127.0.0.1:44499 length 32
Reply-Message = "Hello, bob"
[root at compiler radius]# ls -l
total 332
-rw-r--r-- 1 root root   9601 Jan 21 15:50 bob.log
drwx------ 3 root root     23 Jan 11 10:55 radacct
-rw-r----- 1 root root 245801 Jan 21 15:50 radius.log
[root at compiler radius]# radtest whatever hello localhost 0 testing123
Sent Access-Request Id 124 from 0.0.0.0:36274 to 127.0.0.1:1812 length 78
User-Name = "whatever"
User-Password = "hello"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Received Access-Reject Id 124 from 127.0.0.1:1812 to 127.0.0.1:36274 length 20
(0) -: Expected Access-Accept got Access-Reject
[root at compiler radius]# ls -l
total 340
-rw-r--r-- 1 root root  19462 Jan 21 15:50 bob.log
drwx------ 3 root root     23 Jan 11 10:55 radacct
-rw-r----- 1 root root 271295 Jan 21 15:50 radius.log
[root at compiler radius]#

Is something missing from my process?

Alan DeKok <aland at deployingradius.com> wrote (on Mon, Jan 21, 2019,
14:27):

> On Jan 21, 2019, at 2:23 AM, Fekete Tamás <fektom at gmail.com> wrote:
> > I want to log debug information only about one user using radmin, but
> > I experience two problems in the expected behaviour of this tool.
> > When I set up radmin with the following options:
> >
> > debug level 4
> > debug condition '(User-Name == "bob")'
> > debug file bob.log
> >
> > the /var/log/radius/bob.log is created and filled by Freeradius, but
> > /var/log/radius/radius.log gets the same debug logs, so the debug
> > information is duplicated.
>
>   That's unfortunately the way it works.  Changing that is hard at this
> point.
>
> > The second problem is that if I use another user name, for example
> > 'whatever', for connection trial, the debug information still goes to
> > /var/log/radius/bob.log, however, the debug condition was
>
>   You can change the debug file...
>
> > debug condition '(User-Name == "bob")'
> >
> > My question is, why the filtering condition doesn't work
>
>   It does work.  Especially if you use a different user name.
>
> > and the second is,
> > how can I stop the double logging (into /var/log/radius/radius.log
> > /var/log/radius/bob.log in the same time)?
>
>   Send a patch.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
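
File size from ls -l only shows that bob.log grew. The following added example (not part of the original post and not FreeRADIUS code) lists which requests in a debug file carry a User-Name other than the one in the debug condition. It assumes each debug line contains the request number in parentheses followed by the message; the sample log is constructed and the function names are hypothetical.

```python
import re
import sys
from collections import Counter

# Constructed sample, not taken from the thread. Assumed layout: every
# per-request debug line carries "(N)" followed by the message text.
SAMPLE_LOG = """\
Mon Jan 21 15:50:01 2019 : Debug: (0) Received Access-Request Id 95 from 127.0.0.1:44499 to 127.0.0.1:1812 length 73
Mon Jan 21 15:50:01 2019 : Debug: (0)   User-Name = "bob"
Mon Jan 21 15:50:01 2019 : Debug: (0)   NAS-Port = 0
Mon Jan 21 15:50:01 2019 : Debug: (0) Sent Access-Accept Id 95 from 127.0.0.1:1812 to 127.0.0.1:44499 length 32
Mon Jan 21 15:50:01 2019 : Debug: (0)   Reply-Message = "Hello, bob"
Mon Jan 21 15:50:09 2019 : Debug: (1) Received Access-Request Id 124 from 127.0.0.1:36274 to 127.0.0.1:1812 length 78
Mon Jan 21 15:50:09 2019 : Debug: (1)   User-Name = "whatever"
Mon Jan 21 15:50:09 2019 : Debug: (1)   NAS-Port = 0
Mon Jan 21 15:50:09 2019 : Debug: (1) Sent Access-Reject Id 124 from 127.0.0.1:1812 to 127.0.0.1:36274 length 20
"""

REQ_LINE = re.compile(r'\((\d+)\)\s+(.*)$')              # "(N)  message"
USER_NAME = re.compile(r'&?User-Name\s*=\s*"([^"]*)"')   # anchored via match()

def summarize(log_text):
    """Return {request_number: (user_name or None, line_count)}."""
    users, lines = {}, Counter()
    for line in log_text.splitlines():
        m = REQ_LINE.search(line)
        if not m:
            continue  # server-level line, not tied to a request
        req, rest = int(m.group(1)), m.group(2)
        lines[req] += 1
        u = USER_NAME.match(rest)  # match() skips e.g. Stripped-User-Name
        if u and req not in users:
            users[req] = u.group(1)  # first User-Name seen is the request's own
    return {req: (users.get(req), n) for req, n in lines.items()}

def unexpected_requests(log_text, expected_user):
    """Requests in the file whose User-Name differs from the debug condition."""
    return sorted((req, user, n)
                  for req, (user, n) in summarize(log_text).items()
                  if user != expected_user)

if __name__ == "__main__":
    # Usage: script.py [debug-file] [expected-user]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    expected = sys.argv[2] if len(sys.argv) > 2 else "bob"
    for req, user, n in unexpected_requests(text, expected):
        print(f"request ({req}): User-Name={user!r}, {n} lines logged")
```

Request numbers restart when the server restarts, so run it on a file written during a single server run.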

