radmin - problem with setting up username based filter as condition

Alan Buxey alan.buxey at gmail.com
Mon Jan 21 20:24:16 CET 2019 

Hi

You set the filename to bob.log so everything went there. Different users
etc etc. All will go into the filename set. There's no magic link between
the username in the log filename and the users passing through the server

alan

On Mon, 21 Jan 2019, 14:56 Fekete Tamás <fektom at gmail.com wrote:

> > It does work.  Especially if you use a different use name.
>
> First I set up these:
> [root at compiler radius]# radmin
> radmin version 3.0.17, built on Jan 11 2019 at 08:31:34 - FreeRADIUS Server
> administration tool.
> Copyright (C) 2008-2017 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> radmin> debug level 4
> radmin> debug condition '(User-Name == "bob")'
> radmin> debug file bob.log
> radmin> show debug level
> 4
> radmin> show debug condition
> &User-Name == "bob"
> radmin> show debug file
> /usr/local/var/log/radius/bob.log
> radmin>
>
> And I run two different test-case with two different user names and the
> size of the output file (bob.log) enhanced (mind the ls -l output below):
>
> [root at compiler radius]# radtest bob hello localhost 0 testing123
> Sent Access-Request Id 95 from 0.0.0.0:44499 to 127.0.0.1:1812 length 73
> User-Name = "bob"
> User-Password = "hello"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Message-Authenticator = 0x00
> Cleartext-Password = "hello"
> Received Access-Accept Id 95 from 127.0.0.1:1812 to 127.0.0.1:44499 length
> 32
> Reply-Message = "Hello, bob"
> [root at compiler radius]# ls -l
> total 332
> -rw-r--r-- 1 root root   9601 Jan 21 15:50 bob.log
> drwx------ 3 root root     23 Jan 11 10:55 radacct
> -rw-r----- 1 root root 245801 Jan 21 15:50 radius.log
> [root at compiler radius]# radtest whatever hello localhost 0 testing123
> Sent Access-Request Id 124 from 0.0.0.0:36274 to 127.0.0.1:1812 length 78
> User-Name = "whatever"
> User-Password = "hello"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Message-Authenticator = 0x00
> Cleartext-Password = "hello"
> Received Access-Reject Id 124 from 127.0.0.1:1812 to 127.0.0.1:36274
> length
> 20
> (0) -: Expected Access-Accept got Access-Reject
> [root at compiler radius]# ls -l
> total 340
> -rw-r--r-- 1 root root  19462 Jan 21 15:50 bob.log
> drwx------ 3 root root     23 Jan 11 10:55 radacct
> -rw-r----- 1 root root 271295 Jan 21 15:50 radius.log
> [root at compiler radius]#
>
> Is something missing from my process?
>
> Alan DeKok <aland at deployingradius.com> ezt írta (időpont: 2019. jan. 21.,
> H, 14:27):
>
> > On Jan 21, 2019, at 2:23 AM, Fekete Tamás <fektom at gmail.com> wrote:
> > > I want to log debug information only about one user with using radmin,
> > but
> > > I experience two problems in the expected behaviour of this tool.
> > > When I set up radmin with the following options:
> > >
> > > debug level 4
> > > debug condition '(User-Name == "bob")'
> > > debug file bob.log
> > >
> > > the /var/log/radius/bob.log is created and filled by Freeradius, but
> > > /var/log/radius/radius.log gets the same debug logs, so the debug
> > > information is duplicated.
> >
> >   That's unfortunately the way it works.  Changing that is hard at this
> > point.
> >
> > > The second problem is that if I use another user name, for example
> > > 'whatever', for connection trial, the debug information still goes to
> > > /var/log/radius/bob.log, however, the debug condition was
> >
> >   You can change the debug file...
> >
> > > debug condition '(User-Name == "bob")'
> > >
> > > My question is, why the filtering condition doesn't work
> >
> >   It does work.  Especially if you use a different use name.
> >
> > > and the second is,
> > > how can I stop the double logging (into /var/log/radius/radius.log
> > > /var/log/radius/bob.log in the same time)?
> >
> >   Send a patch.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list