Adam Bishop wrote: > It appears the debugging switches don't work quite as I'd expect in > FreeRADIUS 3 when RadSec is configured.
Yes. Because of OpenSSL limitations, the server MUST have multiple threads when using radsec. > # radiusd -fxx -l stdout > > Works as expected (threaded debugging with no timestamps), however: > > # radiusd -fXx -l stdout > <snip> > Wed Oct 9 14:44:18 2013 : Error: > /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: Threading must be enabled > for TLS sockets to function properly. > Wed Oct 9 14:44:18 2013 : Error: > /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: You probably need to do > 'radiusd -fxx -l stdout' for debugging So... what's wrong with following that documentation? > '-fXxx -l stdout' reacts in the same way, Because the "-X" means "-f", which is invalid for radsec. > but '-fxxx -l stdout' does run and produce timestamps, Which is what the error message says to use. What's wrong with that? > so I think this one is just a documentation issue - I can't find anything > doc/ that says xxx is a valid combination. radiusd --help also indicates > that -fXx should still be valid. > > Similarly, when doing a config check: > > # ./sbin/radiusd -Cfxx -l stdout > <snip> > /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: Threading must be enabled > for TLS sockets to function properly. > /opt/freeradiuss/etc/raddb/sites-enabled/tls[7]: You probably need to do > 'radiusd -fxx -l stdout' for debugging > > The init scripts for debian (possibly RHEL too) trigger the latter one, as it > runs a config check on restart (which bails out due to the error above). The "-C" code should be changed to remove it's setting of "-f". We'll fix that for 3.0.1. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
