Hi Alan, Thank you for pushing me in the right direction much appreciated. Seems ok now one colleagues had changed the file permissions in the detail module :( .. As a secondary question it seems its not capable of logging post-auth detail log such as a reject ? Is is not supported ? We have a need to log all access requests including rejects into the db , just scared that it will tank FR when put into production as Mysql will struggle to keep up with it so didnt directly want to call sql. Any suggestions are welcome. Many Thanks Arnab Sent: Tuesday, January 10, 2017 at 7:02 PM From: "Alan DeKok" <aland@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Subject: Re: Permission Denied buffered Sql On Jan 10, 2017, at 1:05 PM, Arnab Roy <arnabroy@mail.com> wrote:
I just enabled buffered sql on my server everything seems to be
but I am getting flooded with messages as such and I dont think accounting events are being picked up.
FR 3.0.11
Failed opening detail file /var/log/radius/radacct/detail.work: Permission denied Blame the OS. You've set up the server so that it can't read the files it's writing. What UID is the server running under? detail (/var/log/radius/radacct/detail*): Detail listener state unopened waiting 0.790671 sec
I have tried all sorts of permissions on the /var/log/radius folder , it seems like as soon as the detail file is created by FR the errors starts appearing Setting random permissions doesn't help. You need to know what UID is being used, and also what the permissions are on the directory. The permissions are as follows:
[root@radius radius]# ls -l /var/log/radius/radacct total 8 --wxr----t 1 radiusd radiusd 1605 Jan 10 17:59 detail-20170110 --wxr----t 1 radiusd radiusd 1710 Jan 10 17:56 detail.work That's... weird. It has permission to write the file, but not to read it? And why is the sticky bit set? You've done something to your system to break the permissions. Maybe you've set "umask" to a bizarre value. And perhaps broken the permissions on /var/log/radius and /var/log/radius/radacct When the server is installed / run for the first time, it creates the "radacct" directory, with the correct permissions. There should be no need to change the permissions to "fix" them. You'll need to find out what UID the server is running as, and then set the correct permissions on *all* of the directories. "chmod o+rwx" on the directories should do it. Alan DeKok.
working - List info/subscribe/unsubscribe? See [1]http://www.freeradius.org/list/users.html References 1. http://www.freeradius.org/list/users.html