Problem with log and PEAP/MS-CHAPv2

Andrea Gabellini andrea.gabellini at telecomitalia.sm
Fri Apr 14 11:21:01 CEST 2017 

Hi,

the problem is the (0) and (1) in the log. I think this is the packet
number. Using eap with wrong username or password logs some debug output
(see previous posts). Alan DeKok says that this is a debug log, but
radiusd isn't running debug mode.

So the question is: why I got a debug output if the server is running
without it?

Thanks,
Andrea

Il 14/04/2017 11:03, Alan Buxey ha scritto:
> hi,
>
> this is just the output of the standard freeradius logfile - which gives
> you some basic info (with log_auth enabled) .
>
> you need to be looking at the output when you run the server in full debug
> mode:
>
> radiusd -X
> or
> freeradiusd -X (if you're on debian/ubuntu builds)
>
> (and yes, thats just one big uppercase X)  - as that will tell you exactly
> what is happening and why something doesnt work.
>
> if this is a vanilla install with no local confidential stuff etc then
> theres no reason to not post the output in full to the list - there will be
> one or 2 obvious things
>
>
> alan
>
> On 14 April 2017 at 08:19, Andrea Gabellini <
> andrea.gabellini at telecomitalia.sm> wrote:
>
>>
>> Il 13/04/2017 13:18, Alan DeKok ha scritto:
>>> On Apr 13, 2017, at 3:41 AM, Andrea Gabellini <andrea.gabellini@
>> telecomitalia.sm> wrote:
>>>> the server doesn't have any extra options:
>>>   <shrug>  The server doesn't magically start printing all debug
>> messages to the log file.
>>>   You've made some change in your local configuration to cause this to
>> happen.  Find it, and fix it.
>>> $ cd /etc/raddb
>>> $ grep -r debug .
>>>
>>>   Maybe that will help.
>> Hi Alan,
>>
>> the search for the debug keyword in the config directory doesn't return
>> any hint.
>>
>> I removed the raddb directory and reinstalled all with make install.
>> Just modified "auth = yes" and enabled the user "bob" from the default
>> configuration:
>>
>> [09:14:22][radius31:/usr/local/freeradius/etc/raddb] #systemctl restart
>> radiusd
>> [09:14:26][radius31:/usr/local/freeradius/etc/raddb] #tail -f
>> /var/log/radius/radius.log
>> Fri Apr 14 09:14:26 2017 : Info: Debugger not attached
>> Fri Apr 14 09:14:26 2017 : Warning:
>> [/usr/local/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11
>> Check item "FreeRADIUS-Response-Delay"     found in filter list for
>> realm "DEFAULT".
>> Fri Apr 14 09:14:26 2017 : Warning:
>> [/usr/local/freeradius/etc/raddb/mods-config/attr_filter/access_reject]:11
>> Check item "FreeRADIUS-Response-Delay-USec" found in filter list for
>> realm "DEFAULT".
>> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server <default>
>> Fri Apr 14 09:14:26 2017 : Warning: Ignoring "sql" (see
>> raddb/mods-available/README.rst)
>> Fri Apr 14 09:14:26 2017 : Warning: Ignoring "ldap" (see
>> raddb/mods-available/README.rst)
>> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server default
>> Fri Apr 14 09:14:26 2017 : Info:  # Skipping contents of 'if' as it is
>> always 'false' --
>> /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel:330
>> Fri Apr 14 09:14:26 2017 : Info: Loaded virtual server inner-tunnel
>> Fri Apr 14 09:14:26 2017 : Info: Ready to process requests
>> Fri Apr 14 09:14:30 2017 : Auth: (0) Login OK: [bob] (from client
>> localhost port 0)
>> Fri Apr 14 09:14:32 2017 : Auth: (1) Login incorrect (pap: Cleartext
>> password "hellox" does not match "known good" password): [bob] (from
>> client localhost port 0)
>>
>> Freeradius was compiled on CentOS 7 server with: ./configure
>> --prefix=/usr/local/freeradius --enable-static=no --localstatedir=/var
>> --with-docdir=no --with-vmps=no
>> --with-oracle-include-dir=/usr/local/oracle/sdk/include
>> --with-oracle-lib-dir=/usr/local/oracle
>>
>> Any idea on what I can check?
>>
>> Thanks,
>> Andrea
>>
>>>   Again, you *should* keep track of your local changes, and you *should*
>> know what changes you made.
>>>   Alan DeKok.
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
>>
>> --
>> ----------------------------------------------------------------
>> The box said: 'install on Windows 95, NT 4.0 or better'. So I installed it
>> on Linux.
>>
>> ----------------------------------------------------------------
>>
>> Ing. Andrea Gabellini
>> Email: andrea.gabellini at telecomitalia.sm
>> Skype: andreagabellini
>> Tel: (+378) 0549 886111
>> Fax: (+378) 0549 886188
>>
>> Telecom Italia San Marino S.p.A.
>> Via XXVIII Luglio, 212 - Piano -2
>> 47893 Borgo Maggiore
>> Republic of San Marino
>>
>> http://www.telecomitalia.sm
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/
>> list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
----------------------------------------------------------------
Hardware: The parts of a computer system that can be kicked. 

----------------------------------------------------------------

Ing. Andrea Gabellini
Email: andrea.gabellini at telecomitalia.sm
Skype: andreagabellini
Tel: (+378) 0549 886111
Fax: (+378) 0549 886188

Telecom Italia San Marino S.p.A.
Via XXVIII Luglio, 212 - Piano -2
47893 Borgo Maggiore
Republic of San Marino

http://www.telecomitalia.sm

More information about the Freeradius-Users mailing list