FR3 Debugging Switches

[Alan DeKok]

Adam Bishop wrote:
> It appears the debugging switches don't work quite as I'd expect in FreeRADIUS 3 when RadSec is configured.

  Yes.  Because of OpenSSL limitations, the server MUST have multiple
threads when using radsec.

>   # radiusd -fxx -l stdout
> 
> Works as expected (threaded debugging with no timestamps), however:
> 
>   # radiusd -fXx -l stdout
>   <snip>
>   Wed Oct  9 14:44:18 2013 : Error: /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: Threading must be enabled for TLS sockets to function properly.
>   Wed Oct  9 14:44:18 2013 : Error: /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: You probably need to do 'radiusd -fxx -l stdout' for debugging

  So... what's wrong with following that documentation?

> '-fXxx -l stdout' reacts in the same way,

  Because the "-X" means "-f", which is invalid for radsec.

> but '-fxxx -l stdout' does run and produce timestamps,

  Which is what the error message says to use.  What's wrong with that?

> so I think this one is just a documentation issue - I can't find anything doc/ that says xxx is a valid combination.  radiusd --help also indicates that -fXx should still be valid.
> 
> Similarly, when doing a config check:
> 
>   # ./sbin/radiusd -Cfxx -l stdout
>   <snip>
>   /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: Threading must be enabled for TLS sockets to function properly.
>   /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: You probably need to do 'radiusd -fxx -l stdout' for debugging
> 
> The init scripts for debian (possibly RHEL too) trigger the latter one, as it runs a config check on restart (which bails out due to the error above).

  The "-C" code should be changed to remove it's setting of "-f".  We'll
fix that for 3.0.1.

  Alan DeKok.