Correlating request and accept/reject log?

jm+freeradiususer at roth.lu jm+freeradiususer at roth.lu
Fri Mar 31 17:17:18 CEST 2017


> If you know better than me, why are you asking questions on this list?

I'm sorry I did not realize there was a "new %n" and an "old %n" (duh). I
also didn't realize that there is a difference between a "request number"
and a "request ID". Well, now I do.

Please don't panic :)

> It requires you to read the documentation.

Ok, let me rephrase my query in a neutral manner. These are the
documentations that I am currently aware of:
* The comments in the config files (as they are included with our distro,
sometimes also a search at
https://github.com/FreeRADIUS/freeradius-server/ to be on the safe side)
* http://freeradius.org/radiusd/man/
* http://wiki.freeradius.org/...
* Searching the mailing list may also prove fruitful
* http://networkradius.com/doc/current/ + unfinished docs at the bottom of
http://networkradius.com/freeradius-documentation/
* http://deployingradius.com/

Would there be any other resources that you would add to the list?
BTW concerning the last two resources I mentioned, I'm not really sure if
it's official and/or up-to-date (well it should be since they are
interlinked).

> linelog

Thank you. I couldn't find anything appropriate at
http://freeradius.org/radiusd/man/index.html#modules. Well I could just
have looked in /etc/raddb/mods-available.

> And no, I'm not going to spoon-feed you to say how to add %n to the
linelog messages.  It should be pretty clear from the examples.

It is indeed.

> The virtual server doesn't have a "log" section.

Correct, I of course meant the main config in radiusd.conf :-[ But I guess
you know what I meant.

Let me provide an example how things are sometimes not clear, maybe you
can explain how you would have reasoned in this case in order to find the
solution:

As far as logging to SQL is concerned it is indeed not very difficult.
Here is what I did:
1) I installed the freeradius-server-mysql package (depends on your
distro, if you compile from source you probably have it out-of-the-box)
2) I then enabled the mysql module, so far so good
3) I inserted "sql" into the post-auth section of the virtual server (and
also the "Post-Auth REJECT" sub-section)
4) To start easily, I decided to have FreeRadius write the SQL queries to
a file, to that end I uncommented "logfile = ${logdir}/sqllog.sql" in
/etc/raddb/mods-enabled/sql.
However, nothing got logged. It turned out you need to uncomment the
"logfile" entry in the post-auth{} section of
"/etc/raddb/mods-config/sql/main/mysql/queries.conf".

So,
1) How did I find that out? Well, I saw
/etc/raddb/mods-config/sql/main/mysql/queries.conf being included at the
bottom of /etc/raddb/mods-enabled/sql. So I went there and saw that it
contained a post-auth{} section with a commented "logfile" entry that I
uncommented. At that point, I was guessing. That's why I'm asking how I
would have been supposed to find that solution.
2) I guess "logfile" from /etc/raddb/mods-enabled/sql then is only used
when not using rlm_sql_null? Indeed, it makes sense that you don't write
to disk twice, but c'mon ;-)

Please have mercy with the people that didn't actually code this software :)

BFN
Marki



More information about the Freeradius-Users mailing list