Invalid User in RADIUS Logs
Hi, Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also? Thanks, Det
det.explorer@yahoo.com wrote:
Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also?
Yes. Alan DeKok.
Hi, Thanks! Is there a way that I can set log level in RADIUS to make it log like when in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in RADIUS. I have already confirmed that for this case it is not the password. So now, I'm left to look into other causes. thanks a lot! det ________________________________ From: Alan DeKok <aland@deployingradius.com> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Tuesday, December 13, 2011 11:32 PM Subject: Re: Invalid User in RADIUS Logs det.explorer@yahoo.com wrote:
Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also?
Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Dec 14, 2011 at 3:58 PM, Det Det <det.explorer@yahoo.com> wrote:
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in RADIUS. I have already confirmed that for this case it is not the password. So now, I'm left to look into other causes. Yes, there is a way. Take a look at the comments logging section in your radiusd.conf - https://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/radiusd.con...
thanks a lot! det ________________________________ From: Alan DeKok <aland@deployingradius.com> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Sent: Tuesday, December 13, 2011 11:32 PM Subject: Re: Invalid User in RADIUS Logs
det.explorer@yahoo.com wrote:
Will a wrong password also will sometimes log 'invalid user' in the RADIUS log file? Coz recently i get a lot of these in the log file. But the users are actually valid and was able to authenticate successfully later on. Just want to get possible reasons on what could be causing RADIUS to log that. I'm also suspecting perhaps it was not able to lookup/connect to MySQL db at that time. Would that be possible cause also?
Yes.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Nic Cope Simian Reliability Engineer Google Australia
On Thu, Dec 15, 2011 at 6:58 AM, Det Det <det.explorer@yahoo.com> wrote:
Hi,
Thanks!
Is there a way that I can set log level in RADIUS to make it log like when in debug mode? Coz I cannot trace exactly what causes the 'Invalid user' log in RADIUS. I have already confirmed that for this case it is not the password. So now, I'm left to look into other causes.
One was is to just run in it debug mode. Another way is to tun it with one or more "-x" (see "man radiusd"). Yet another way, from radiusd.conf: # Logging can be enabled for an individual request by a special # dynamic expansion macro: %{debug: 1}, where the debug level # for this request is set to '1' (or 2, 3, etc.). e.g. # # ... # update control { # Tmp-String-0 = "%{debug:1}" # } # ... # # The attribute that the value is assigned to is unimportant, # and should be a "throw-away" attribute with no side effects. you can choose which request to debug using unlang. For example (untested), on authorize block: if ("%{User-Name}" == "The-User-You-Want-to-Debug") { update control { Tmp-String-0 = "%{debug:3}" } } ... and finally, you can also use radmin. See http://freeradius.org/radiusd/man/radmin.html, look for "debug" -- Fajar
participants (5)
-
Alan DeKok -
Det Det -
det.explorer@yahoo.com -
Fajar A. Nugraha -
Nic Cope