Enabling debug level on server
Alan DeKok
aland at deployingradius.com
Fri Dec 4 21:10:55 CET 2020
On Dec 4, 2020, at 1:15 PM, Dan M <dan.red.beard at gmail.com> wrote:
>
> I need to get debug output without being able to start the server with -X.
> After reviewing your reply to: Requests being rejected with "Invalid user" and reviewing the related docs
> I see two options: radmin OR possibly in authorize section
> Both require config changes and both have challenges in our locked down environment.
It's a little difficult to debug things when you're not allowed to do anything.
> Invoke radmin issue useful commands: (possibly using the -f socket_file and -I input_file)
> show debug level
> show module list
> debug file [filename full path]
> # If I don't set the filename will debug go to the current log file?
Yes.
> # e.g. from: log { destination = files file = ${logdir}/radius.log ...
> # Can I just use the same logfile filename and base logging and debug will go to same file?
It's best to not do that. i.e. writing to the same file from two different locations will likely work, but is unnecessary/
> # Can the debug file name be set permanently in the config somewhere?
No.
> set debug level 1
> # (What is a good/recommended level?)
2
> - watch for failures and go read the debug data
>
> Alternately, in Vers 3.17 can I just add the below to my authorize section?:
> update control {
> Tmp-String-0 = "%{debug:1}"
> }
> Does it REQUIRE a conditional? If so would: "if ( "A" == "A") { ... }" suffice?
It doesn't require a condition. But adding a condition lets you turn debugging on or off.
Alan DeKok.
More information about the Freeradius-Users
mailing list