Debugging while service is running

Bjørn Mork bjorn at
Tue Sep 22 21:02:09 CEST 2020

Alan Buxey <alan.buxey at> writes:

> if the config is present and done, yes - as Alan has said, look at
> control-socket
> another useful method is to have a 2nd instance of FR that listens on
> different ports but with the same
> main config etc as the production server (or just use another box or
> docker container etc) - then have a specific
> AP or switch configured to talk to only that FR instance and put your
> client on that.  its like a little medical treatment
> room to see WTF the client issue is :-)

I recommend anyone who hasn't yet tried it to take a deep look at the
control-socket.  Play with it for a while so you know what it can do.

It's an incredibly powerful tool.  I just love the ability to
conditionally debug specific requests on a busy production server. Any
production NAS would quickly produce a lot of debugging noise on your
2nd instance.  The control socket let you debug just that single user
with issues, or a single Calling-Station-Id or whatever conditional
debug filter you want.  Without touching the NAS config at all.  It's
just beautiful :-)

But do read the the warnings in the example config.  You obviously need
to trust anyone with access to the control socket.  Shouldn't be a big
problem, since you really shouldn't allow anyone you don't trust to
access your radius servers at all.


More information about the Freeradius-Users mailing list