Re: Out and into tunnel log files

2009-09-03 Thread Sergio Belkin
2009/9/3 Sergio Belkin :
> 2009/9/1 Ivan Kalik :
>>>> I have configured three virtual servers: "default", "inner" (uses
>>>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
>>>> attempts go to "default server" log files.
>>>>
>>>> cron performs a daily task that more or less perform something like
>>>> that:
>>>>
>>>
>>> Please I beg you that give me an idea what I am failing.
>>>
>>> I clarify a bit: But I've found that some "OK" are sent to default
>>> server log file *only*.  and nothing to inner tunnel log files.
>>
>> PEAP and TTLS will have OKs for both inner and outer identities. PAP,
>> MSCHAP etc will have only single OK.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>
> Thanks Ivan, But in my case PAP and MSCHAP never are used without TTLS
> or PEAP. So I don't understand why some OK's were sent to default
> server log. Because of that now I use
> requests = ${logdir}/radiusd-%{%{Virtual-Server}-%Y%m%d.log
> and now there are no entries on default log server, I wonder if what
> I am doing is right, I mean if I am omitting some OK doing that...
>
> Thanks in advance!
>

> Sergio Belkin -
>

Sorry for repeating, but I meant: "I don't understand why some OK's
were sent to default server log *only*".

-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Out and into tunnel log files

2009-09-03 Thread Sergio Belkin
2009/9/1 Ivan Kalik :
>>> I have configured three virtual servers: "default", "inner" (uses
>>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
>>> attempts go to "default server" log files.
>>>
>>> cron performs a daily task that more or less perform something like
>>> that:
>>>
>>
>> Please I beg you that give me an idea what I am failing.
>>
>> I clarify a bit: But I've found that some "OK" are sent to default
>> server log file *only*.  and nothing to inner tunnel log files.
>
> PEAP and TTLS will have OKs for both inner and outer identities. PAP,
> MSCHAP etc will have only single OK.
>
> Ivan Kalik
> Kalik Informatika ISP
>

Thanks Ivan, But in my case PAP and MSCHAP never are used without TTLS
or PEAP. So I don't understand why some OK's were sent to default
server log. Because of that now I use
requests = ${logdir}/radiusd-%{%{Virtual-Server}-%Y%m%d.log
and now there are no entries on default log server, I wonder if what
I am doing is right, I mean if I am omitting some OK doing that...

Thanks in advance!


-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -



Re: Out and into tunnel log files

2009-09-01 Thread Ivan Kalik
>> I have configured three virtual servers: "default", "inner" (uses
>> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
>> attempts go to "default server" log files.
>>
>> cron performs a daily task that more or less perform something like
>> that:
>>
>
> Please I beg you that give me an idea what I am failing.
>
> I clarify a bit: But I've found that some "OK" are sent to default
> server log file *only*.  and nothing to inner tunnel log files.

PEAP and TTLS will have OKs for both inner and outer identities. PAP,
MSCHAP etc will have only single OK.

Ivan Kalik
Kalik Informatika ISP


Re: Out and into tunnel log files

2009-09-01 Thread Sergio Belkin
2009/8/31 Sergio Belkin :
> Hi,
>
> I have configured three virtual servers: "default", "inner" (uses
> eap-ttls), "inner-peap" (uses eap-peap). I guess that "out of tunnel"
> attempts go to "default server" log files.
>
> cron performs a daily task that more or less perform something like that:
>
> grep OK /var/log/radius/radiusd-*-$date.log | awk '{print $10}' | sort -fu | wc -l
>
> That way I get how many users could get an Access-Accept. Well I've
> found that that is not right. Because some supplicant can send
> different identities into and out of tunnel. So I'd like to use:
>
> grep OK /var/log/radius/radiusd-inner*-$date.log | awk '{print $10}' | sort -fu | wc -l
>
> But I've found that some "OK" are sent to default server log file. So
> I can't get right statistic. Please could you help to do it? Below are
> debug info:
>

Please I beg you that give me an idea what I am failing.

I clarify a bit: But I've found that some "OK" are sent to default
server log file *only*.  and nothing to inner tunnel log files.

I don't understand why if I have on radiusd.conf

log {
   destination = files
   file = ${logdir}/radius.log
   requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
   syslog_facility = daemon
   stripped_names = yes
   auth = yes
   auth_badpass = no
   auth_goodpass = no
}

on debug messages *only* appears:

log {
   stripped_names = yes
   auth = yes
   auth_badpass = no
   auth_goodpass = no
 }


Now I am using requests =
${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log but I don't
know if it is right because ${logdir}/radiusd-%DEFAULT}-%Y%m%d.log
from DEFAULT server (out of tunnel) are not generated at all, and they
were useful because showed the Mac Address of supplicant.


If you want to see more of my config you can do it on:

http://pastebin.com/m65441172

-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
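
Added example, not part of the original thread and not code from the posters or the FreeRADIUS project: the daily count discussed above, run once over all per-virtual-server logs and once over the inner-tunnel logs only, plus a listing of the outer identities that cause the difference. The log lines are constructed samples, the date 20090901 and the file names follow the "requests" setting quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed and
# assume the "Auth: Login OK: [user] (from client ...)" line layout.

make_sample_logs() {   # $1 = directory to write the constructed logs into
    cat > "$1/radiusd-DEFAULT-20090901.log" <<'EOF'
Tue Sep  1 09:00:01 2009 : Auth: Login OK: [anonymous] (from client ap1 port 3 cli 00-11-22-33-44-55)
Tue Sep  1 09:05:10 2009 : Auth: Login OK: [bob] (from client ap1 port 4 cli 00-11-22-33-44-66)
Tue Sep  1 09:07:30 2009 : Auth: Login incorrect: [mallory] (from client ap2 port 1 cli 00-11-22-33-44-77)
EOF
    cat > "$1/radiusd-inner-20090901.log" <<'EOF'
Tue Sep  1 09:00:01 2009 : Auth: Login OK: [alice] (from client ap1 port 3 via TLS tunnel)
Tue Sep  1 09:05:10 2009 : Auth: Login OK: [bob] (from client ap1 port 4 via TLS tunnel)
EOF
    cat > "$1/radiusd-inner-peap-20090901.log" <<'EOF'
Tue Sep  1 10:12:44 2009 : Auth: Login OK: [ALICE] (from client ap2 port 7 via TLS tunnel)
EOF
}

# Print the distinct, lower-cased identities with "Login OK" in the given
# files. The name is cut from between [ ] instead of a fixed awk column.
ok_names() {
    sed -n 's/^.*: Auth: Login OK: \[\(.*\)] (from client .*$/\1/p' "$@" |
        tr '[:upper:]' '[:lower:]' | sort -u
}

count_ok_users() { ok_names "$@" | wc -l | tr -d ' '; }

# Print identities accepted in the default (outer) log that never appear as
# an inner identity: the names that inflate a count over all log files.
outer_only_identities() {   # $1 = default log, remaining args = inner logs
    outer=$1; shift
    inner_list=$(mktemp)
    ok_names "$@" > "$inner_list"
    ok_names "$outer" | grep -vxF -f "$inner_list" || true
    rm -f "$inner_list"
}

tmp=$(mktemp -d); make_sample_logs "$tmp"
echo "all servers: $(count_ok_users "$tmp"/radiusd-*-20090901.log)"
echo "inner only:  $(count_ok_users "$tmp"/radiusd-inner*-20090901.log)"
echo "outer only:  $(outer_only_identities "$tmp/radiusd-DEFAULT-20090901.log" "$tmp"/radiusd-inner*-20090901.log)"
rm -rf "$tmp"
```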
