RE: Freeradius-Users Digest, Vol 129, Issue 3
We have set up Freeradius on Ubuntu 14.04 LTS but having trouble to get it to generating authorization logs for our 'eduroam' virtual server.
What does this virtual server do / when is it called?
Allows users to authenticate on wireless network using Eduroam with their Active Directory login user (+ domain) and password. Users do authenticate ok no problem, but it is not logging requests for some reason to the /var/log/freeradius/radius-eduroam-yyyy-mm-dd.log
Do you call the linelog or detail modules in any of its sections?
Yes, 'detail' is included in the accounting section.
It is generating logs ok for the default and inner-tunnel but not eduroam. I have checked and re-checked the configuration with no result.
You need to look at the debug output. On ubuntu run it as "freeradius -X" and examine the output then authenticate something you expect to get logs for.
/etc/freeradius/radius.conf log section looks like this:
Mostly not useful - you really want linelog or detail, not the main server logging. It’s the requests logging I am interested in which doesn't seem to work.
And in our eduroam file in sites-available (with link file in sites-enabled) has 'auth_log' enabled to in the authorize section.
Any ideas why the log isn't being generated when users connect to it?
Check -X debug output.
I cannot see anything obvious, no mention of log being created or updated.
Send the debug here if it doesn't make sense, though it's fairly straightforward to read (if verbose). Right from the FreeRADIUS banner at the >top and including an authentication packet.
A small suspicion is that you might need to put logging in pre/post-proxy sections if you're trying to log non-local auths.
I have updated those sections but made no difference with following lines: Pre_proxy_log Post_proxy_log ---- Update: Log file enclosed in ZIP format. I found this website which may help to enable logging, looks like logging functionality is different between 2.1.10 and 2.1.12. http://confluence.diamond.ac.uk/pages/viewpage.action?pageId=22252353 Peter Hutchison MCP Senior Network Systems SpecialistS S 01484 473716 Infrastructure Team University of Huddersfield | Queensgate | Huddersfield | HD1 3DH University of Huddersfield inspiring tomorrow's professionals. [http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg] This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.
On Jan 8, 2016, at 8:40 AM, Peter Hutchison <p.j.hutchison@hud.ac.uk> wrote:
Please reply to a message, not to the digest. And be sure that the subject contains something useful.
We have set up Freeradius on Ubuntu 14.04 LTS but having trouble to get it to generating authorization logs for our 'eduroam' virtual server.
What does this virtual server do / when is it called?
Allows users to authenticate on wireless network using Eduroam with their Active Directory login user (+ domain) and password. Users do authenticate ok no problem, but it is not logging requests for some reason to the /var/log/freeradius/radius-eduroam-yyyy-mm-dd.log
Why do you think it's supposed to log there? What have you configured to MAKE the server log things there? I asked this a few days ago, and you didn't answer. Please answer.
Do you call the linelog or detail modules in any of its sections?
Yes, 'detail' is included in the accounting section.
You are aware that the detail files are written only when the server receives accounting packets.
Check -X debug output.
I cannot see anything obvious, no mention of log being created or updated.
<sigh> Please post the debug output, as suggested in the FAQ, "man" pages, web pages, and daily on this list. If you can't figure out the problem from reading the debug output, maybe we can figure it out. That's why we ask for it.
Update: Log file enclosed in ZIP format.
Don't. Post it as text. The mailing list strips viruses, PNGs, zip files, etc. It's no difficult to post it as text. Everyone else does.
I found this website which may help to enable logging, looks like logging functionality is different between 2.1.10 and 2.1.12. http://confluence.diamond.ac.uk/pages/viewpage.action?pageId=22252353
That presumes you have some understanding of how the server works. The server comes with lots of documentation. Each module and configuration item is extensively documented. Please READ them. Making random changes in the hope that it will magically cause things to work is... not a good process. Alan DeKok.
participants (2)
-
Alan DeKok -
Peter Hutchison