Re: Out and into tunnel log files
2009/9/3 Sergio Belkin : > 2009/9/1 Ivan Kalik : I have configured three virtual servers: "default", "inner" (uses eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel" attempts go to "default server" log files. cron performs a daily task that more or less perform something like that: >>> >>> Please I beg you that give me an idea what I am failing. >>> >>> I clarifiy a bit: But I've found that some "OK" are sent to default >>> server log file *only*. and nothing to inner tunnel log files. >> >> PEAP and TTLS will have OKs for both inner and outer identities. PAP, >> MSCHAP etc will have only single OK. >> >> Ivan Kalik >> Kalik Informatika ISP >> > > Thanks Ivan, But in my case PAP and MSCHAP nver are used without TTLS > or PEAP. So I don't understand why some OK's was sent to default > server log. Because of that now I use > requests = > ${logdir}/radiusd-%{%{Virtual-Server}-%Y%m%d.log and now there are no > entries on default log server, I wonder if what I am doing is right, I > mean if I am omitting some OK doing that... > > Thanks in advance! > > Sergio Belkin - > Sorry for be repeating but I meant: "I don't understand why some OK's was sent to default server log *only*". -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Out and into tunnel log files
2009/9/1 Ivan Kalik : >>> I have configured three virtual servers: "default", "inner" (uses >>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel" >>> attempts go to "default server" log files. >>> >>> cron performs a daily task that more or less perform something like >>> that: >>> >> >> Please I beg you that give me an idea what I am failing. >> >> I clarifiy a bit: But I've found that some "OK" are sent to default >> server log file *only*. and nothing to inner tunnel log files. > > PEAP and TTLS will have OKs for both inner and outer identities. PAP, > MSCHAP etc will have only single OK. > > Ivan Kalik > Kalik Informatika ISP > Thanks Ivan, But in my case PAP and MSCHAP nver are used without TTLS or PEAP. So I don't understand why some OK's was sent to default server log. Because of that now I use requests = ${logdir}/radiusd-%{%{Virtual-Server}-%Y%m%d.log and now there are no entries on default log server, I wonder if what I am doing is right, I mean if I am omitting some OK doing that... Thanks in advance! -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Out and into tunnel log files
>> I have configured three virtual servers: "default", "inner" (uses >> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel" >> attempts go to "default server" log files. >> >> cron performs a daily task that more or less perform something like >> that: >> > > Please I beg you that give me an idea what I am failing. > > I clarifiy a bit: But I've found that some "OK" are sent to default > server log file *only*. and nothing to inner tunnel log files. PEAP and TTLS will have OKs for both inner and outer identities. PAP, MSCHAP etc will have only single OK. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Out and into tunnel log files
2009/8/31 Sergio Belkin : > Hi, > > I have configured three virtual servers: "default", "inner" (uses > eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel" > attempts go to "default server" log files. > > cron performs a daily task that more or less perform something like that: > > grep OK /var/log/radius/radiusd-*-$date.log | awk '{print $10}' | sort > -fu | wc -l > > That way I get how many users could get an Access-Accept. Well I've > found that that is not right. Because some supplicant can send > different identities into and out of tunnel. So I'd like to use: > > grep OK /var/log/radius/radiusd-inner*-$date.log | awk '{print $10}' | > sort -fu | wc -l > > But I've found that some "OK" are sent to default server log file. So > I can't get right statistic. Please could you help to do it? Below are > debug info: > Please I beg you that give me an idea what I am failing. I clarifiy a bit: But I've found that some "OK" are sent to default server log file *only*. and nothing to inner tunnel log files. I don't understand why if I have on radiusd.conf log { destination = files file = ${logdir}/radius.log requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log syslog_facility = daemon stripped_names = yes auth = yes auth_badpass = no auth_goodpass = no } on debug messages *only* appears: log { stripped_names = yes auth = yes auth_badpass = no auth_goodpass = no } Now I am using requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log but I don't know if it is right because ${logdir}/radiusd-%DEFAULT}-%Y%m%d.log from DEFAULT server (out of tunnel) are not generated at all, and they were useful because showed the Mac Address of supplicant. If you want to see more of my config you can do it on: http://pastebin.com/m65441172 -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html