2.2.0 - Shared Secret is incorrect

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jul 19 16:10:21 CEST 2013


On 19 Jul 2013, at 14:29, Anja Ruckdaeschel <Anja.Ruckdaeschel at rz.uni-regensburg.de> wrote:

> But it DID appear in earlier versions of freeradius with default settings for
> logging.

Don't know. You're welcome to dig through the source to find out...

> 
> And I don't see the difference to something logging Errors like
> 
> Error: Ignoring request to authentication address * port 1812 from unknown
> client x.x.x.x port 1092

Yep that shouldn't really be in there either. I believe the philosophy behind the main log is to only log server global errors and informational messages at the default level.

> regarding the mentioned DoS problem. 
> 
> We're using a logfile monitoring for years in order to find misconfigured NAS
> of ours.

Not entirely sure how that's related to DoS. But ok... That's, um, interesting.

> Seems we cannot do this with freeradius 2.2.0 anymore?

You can however use the radmin socket to show invalid packet counters. If they're going up you've probably got a mis-configured NAS. The server also keeps stats on a per client basis too.

This is a much saner and more robust way of doing that. There's no guarantee that log message formats won't change, even between sub versions, and then your log monitoring system would be stuffed.

I'll talk to Alan D about it, I know triggers are rate limited in 3.0.0, I can actually see the utility in a client error trigger, there may even already be one. That'd be a much cleaner way to do what you want.

PS: The debug level only goes up to 4 :)

and you want "%{debug: 4}"
                      ^ Note the space (I <3 monospaced fonts)
                  
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
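
The counter-based approach suggested in the message above, as an added example that is not part of the original post and is not FreeRADIUS project code: it compares two snapshots of per-client statistics and reports clients whose error counters grew, treating a drop in `requests` as a server restart. The "name value" line format, the counter names and the sample snapshots are assumptions; adapt them to whatever your radmin session actually prints.

```python
import re

# Counters taken to indicate a client-side problem. The names are an
# assumption; adjust them to the per-client statistics your server reports.
ERROR_COUNTERS = ("invalid", "malformed", "bad_signature", "dropped", "unknown_types")
LINE_RE = re.compile(r"^\s*([A-Za-z_]+)\s+(\d+)\s*$")


def parse_stats(text):
    """Parse 'name<whitespace>value' lines into a dict; other lines are ignored."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats


def counter_deltas(prev, curr):
    """Return {counter: increase} for error counters that grew since prev."""
    # Counters restart from zero when the server restarts. If 'requests' went
    # backwards, treat the current values themselves as the increase.
    reset = curr.get("requests", 0) < prev.get("requests", 0)
    deltas = {}
    for name in ERROR_COUNTERS:
        before = 0 if reset else prev.get(name, 0)
        grew = curr.get(name, 0) - before
        if grew > 0:
            deltas[name] = grew
    return deltas


def misconfigured_clients(prev_snap, curr_snap):
    """Compare two {client_ip: stats_text} snapshots; return clients with new errors."""
    report = {}
    for client, text in curr_snap.items():
        prev = parse_stats(prev_snap.get(client, ""))
        deltas = counter_deltas(prev, parse_stats(text))
        if deltas:
            report[client] = deltas
    return report


# Constructed sample snapshots (documentation addresses), not real server output.
SNAP_1 = {"192.0.2.10": "\trequests\t100\n\tinvalid\t0\n\tbad_signature\t2\n",
          "192.0.2.20": "\trequests\t50\n\tinvalid\t0\n\tbad_signature\t0\n"}
SNAP_2 = {"192.0.2.10": "\trequests\t140\n\tinvalid\t0\n\tbad_signature\t17\n",
          "192.0.2.20": "\trequests\t75\n\tinvalid\t0\n\tbad_signature\t0\n"}

if __name__ == "__main__":
    for client, deltas in misconfigured_clients(SNAP_1, SNAP_2).items():
        print(client, deltas)
```

Because it depends only on counter names and integer values, this check keeps working when log message wording changes between versions.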


