No statistics being returned with 3.1.x status site

Wussler, Doug doug.wussler at fsu.edu
Tue Oct 18 12:36:37 CEST 2016 

Graham -


In response to:  "Is anybody succeessfully getting statistics from a 'status' type port
using v3.1.x?  It works as expected with 3.0.x, but with 3.1 I only get
a plain 'Access-Accept'"


Interesting.  I am seeing this issue with 3.0.11.  I used to get statistics just fine

when running version 2.  After upgrading to 3.0.11 I noticed I only receive

an Access-Accept.  I just hadn't had time to look into it any further.  Were

you using 3.0.11 when you received statistics or something prior to 3.0.11?


Doug Wussler

Florida State University.


________________________________
From: Freeradius-Users <freeradius-users-bounces+doug.wussler=fsu.edu at lists.freeradius.org> on behalf of freeradius-users-request at lists.freeradius.org <freeradius-users-request at lists.freeradius.org>
Sent: Tuesday, October 18, 2016 6:00 AM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 138, Issue 39

Send Freeradius-Users mailing list submissions to
        freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
        freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
        freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: Linelog & radmin (Peter Balsianok)
   2. Re: Linelog & radmin (Alan DeKok)
   3. Re: Use of buffered-sql for logging auth data to db (Alan DeKok)
   4. Re: split_username_nai clobbering user-name? (Alan DeKok)
   5. Re: EAP-TTLS not  working (Marlen Caemmerer)
   6. No statistics being returned with 3.1.x status site
      (Graham Clinch)


----------------------------------------------------------------------

Message: 1
Date: Mon, 17 Oct 2016 19:33:06 +0200
From: Peter Balsianok <balsianok.peter at gmail.com>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: Linelog & radmin
Message-ID:
        <CANNcOyyTGGkdE=Os=_Hm4hMxXYHi895nq367Wj3TF2F6kPzXqw at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Well, i need to have the content of REQUEST,CONTROL & REPLY for solving
customer trouble tickets. I want to have it on the same place as main log.
I see benefit to have HUPing in the rad_linelog (e.g.  log rotation). At
this moment i have only one options, after log rotation i have to restart
whole server.

Linelog configuration:

linelog log_request {

  filename = ${log.file}

  format = "%t : Info: REQUEST(%{User-Name}): %{pairs:request:}"

}


linelog log_control {

  filename = ${log.file}

  format = "%t : Info: CONTROL(%{User-Name}): %{pairs:control:}"

}


linelog log_proxy_request {

  filename = ${log.file}

  format = "%t : Info: PROXY-REQUEST(%{User-Name}): %{pairs:proxy-request:}"

}


linelog log_reply {

  filename = ${log.file}

  format = "%t : Info REPLY(%{User-Name}): %{pairs:reply:}"

}


linelog log_proxy_reply {

  filename = ${log.file}

  format = "%t : Info PROXY-REPLY(%{User-Name}):
Packet-Type=%{proxy-reply:Packet-Type} %{pairs:proxy-reply:}"

}

On Mon, Oct 17, 2016 at 5:36 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Oct 17, 2016, at 4:29 AM, Peter Balsianok <balsianok.peter at gmail.com>
> wrote:
> >
> > Hi,
> >
> > When i use radmin ... -e 'hup main.log', linelog (log_request,
> log_control
> > & log_reply) will not write information into main.log. Why ?
>
>   linelog doesn't write messages to the main log.  You can configure it to
> write to the same *filename*.  But that's different.
>
>   And if you HUP the main log, you didn't HUP linelog, and so it doesn't
> change.
>
>   Perhaps you could explain how you've configured linelog, and why you
> expect that HUPing the main log will also cause linelog to get HUP'd, too.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


------------------------------

Message: 2
Date: Mon, 17 Oct 2016 14:52:27 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: Linelog & radmin
Message-ID: <7A5E56C8-FF2C-451E-B5A1-642839579F66 at deployingradius.com>
Content-Type: text/plain; charset=us-ascii

On Oct 17, 2016, at 1:33 PM, Peter Balsianok <balsianok.peter at gmail.com> wrote:
>
> Well, i need to have the content of REQUEST,CONTROL & REPLY for solving
> customer trouble tickets. I want to have it on the same place as main log.

  Why does it need to be the same place as the main log?  It shouldn't matter that much.

> I see benefit to have HUPing in the rad_linelog (e.g.  log rotation). At
> this moment i have only one options, after log rotation i have to restart
> whole server.

  You can HUP main.log, and then HUP each linelog module individually.  Some messages may go to the old file, but it should generally work.

  Or, send a patch which has the linelog module do logging via the main log API.  The problem will then go away.

  Alan DeKok.




------------------------------

Message: 3
Date: Mon, 17 Oct 2016 14:53:34 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: Use of buffered-sql for logging auth data to db
Message-ID: <28744D61-135B-443F-B2F6-D9A4B262F4D3 at deployingradius.com>
Content-Type: text/plain; charset=us-ascii

On Oct 17, 2016, at 11:46 AM, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
>
> Question - can you use the FR 3.0.x control interface to get some form of
> status of any db pools being used, or even any errors generated when
> writing to a DB ?

radmin> help

  Will print out all of the commands that are available.

> Failing that, guess I could grep radius.log looking for specific text
> strings relating to
> Error: rlm_sql (sql): Last connection attempt failed, waiting 30 seconds
> before retrying

  Yes.

  We're looking at fixing this all for 4.0...  but that may require some re-design.

  Alan DeKok.




------------------------------

Message: 4
Date: Mon, 17 Oct 2016 15:49:21 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: split_username_nai clobbering user-name?
Message-ID: <2ECCFC3A-BBEC-444A-AC65-1891D0F227CD at deployingradius.com>
Content-Type: text/plain; charset=us-ascii

On Oct 17, 2016, at 11:53 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
>
> Hopefully the final issue I have porting this config!
>
> I'm using the suffix module for proxying, and the split_username_nai policy.
>
> If I put suffix before split, everything is fine. If I put split before suffix, proxying breaks because the suffix module seems to use Stripped-User-Name.

  Yes.  That's by design, unfortunately.  It's so you can have multiple prefixes / suffixes, and have the modules just do the right thing.

> For my configuration, I don't think it matters which order I call the module and the policy in, but I'm surprised by the behaviour - I can't see the policy updating the User-Name entry.

  It updates the Stripped-User-Name.  Which is the default user name for suffix, LDAP lookups, etc.

  You can just write some "unlang" yourself to re-implement the "suffix" module.

  Alan DeKok.




------------------------------

Message: 5
Date: Mon, 17 Oct 2016 22:39:08 +0200
From: Marlen Caemmerer <caemmerer at ash-berlin.eu>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: EAP-TTLS not  working
Message-ID: <1a2fabbd2a396bd2885b9bf4ccc36107 at ash-berlin.eu>
Content-Type: text/plain; charset=UTF-8



Am 2016-10-17 15:57, schrieb Alan DeKok:

>> On Oct 17, 2016, at 9:35 AM, Marlen Caemmerer <caemmerer at ash-berlin.eu> wrote:
>>
>> This is the debug output of a client that connected.
>
> There's no final Access-Accept in the debug output.
>
> And if you're debugging issues with clients not connecting, you need to show the debug output for a client which doesn't connect.

Sorry for not being precise. I wanted to write you have the output of
the regarding Mac client that cannot connect.

Windows 8/10 are working fine, though.

Mit freundlichen Grüßen
 Marlen Caemmerer

 --
 ************************************************
 Alice Salomon Hochschule
 Computerzentrum
 Marlen Caemmerer
 Alice-Salomon-Platz 5
 12627 Berlin

 Email: caemmerer at ash-berlin.eu
 ************************************************

------------------------------

Message: 6
Date: Mon, 17 Oct 2016 23:20:14 +0100
From: Graham Clinch <g.clinch at lancaster.ac.uk>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: No statistics being returned with 3.1.x status site
Message-ID: <edc4177a-7e7b-2eb5-62d9-8fc6afc8c1a3 at lancaster.ac.uk>
Content-Type: text/plain; charset=utf-8; format=flowed

Hi Folks,

Is anybody succeessfully getting statistics from a 'status' type port
using v3.1.x?  It works as expected with 3.0.x, but with 3.1 I only get
a plain 'Access-Accept'

-=-
$ echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 3" |
radclient -x localhost:18121 status adminsecret
Sent Status-Server Id 101 from 0.0.0.0:44494 to 127.0.0.1:18121 length 50
        Message-Authenticator = 0x00
        FreeRADIUS-Statistics-Type = Auth-Acct
Received Access-Accept Id 101 from 127.0.0.1:18121 to 0.0.0.0:0 via lo
length 20
-=-

The only change to the stock config is linking sites-available/status
into sites-enabled:

-=-
[...]
server status { # from file /usr/local/etc/raddb/sites-enabled/status
} # server status
radiusd: #### Opening IP addresses and Ports ####
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on status address 127.0.0.1 port 18121 bound to server status
Listening on proxy address * port 60122
Listening on proxy address :: port 59166
Ready to process requests
(1)  Received Status-Server Id 101 from 127.0.0.1:44494 to
127.0.0.1:18121 via lo length 50
(1)    Message-Authenticator = 0xc7dc212dc934b93eba6845d5ca0d9594
(1)    FreeRADIUS-Statistics-Type = Auth-Acct
(1)  Running Autz-Type Status-Server from file
/usr/local/etc/raddb/sites-enabled/status
(1)    Autz-Type Status-Server {
(1)      ok (ok)
(1)    } # Autz-Type Status-Server (ok)
(1)  Processing SNMP stats request
(1)  Sent Access-Accept Id 101 from 127.0.0.1:18121 to 127.0.0.1:44494
via lo length 0
(1)  Finished request
Waking up in 4.9 seconds.
(1)  Cleaning up request packet ID 101 with timestamp +10
Ready to process requests
-=-

ta,

Graham


------------------------------

Subject: Digest Footer

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS -- users' list info<http://www.freeradius.org/list/users.html>
www.freeradius.org
Users' List Information. The freeradius-users mailing list is for users of the FreeRADIUS server not Cistron's server! There are a few house-rules to which we'd like ...




------------------------------

End of Freeradius-Users Digest, Vol 138, Issue 39
*************************************************

More information about the Freeradius-Users mailing list