Eltex-radius package has been supplemented by 1.7-28-build eraddebug and eradmin utilities (raddebug and radmin in the original) from Freeradius parent package.
eraddebug allows obtaining debugging output (like the output when using radiusd -X) from a running server. Therefore, it is possible to obtain debugging information without impacting service availability in Production.
For RADIUS server proper operation the following settings are required:
listen {
type = control
socket = ${run_dir}/${name}.sock
uid = eltxrad
gid = eltxrad
mode = rw
}
the settings above are stored in the file /etc/eltex-radius/servers/control of eltex-radius package.
To start the server, the following commands are used:
sudo -u eltxrad eradmin sudo -u eltxrad eraddebug
The first command launches eradmin utility, and the second command runs eraddebug script under eltxrad username. To obtain debugging output, the second command is used. eradmin is an independent utility for RADIUS server administration. eraddebug is a shell script wrapper around eradmin that automates the server debugging process.
Attention! Set conditions to prevent information overflow.
Options
Option | Description |
|---|---|
-c condition | Set a specific debug condition. The format of conditions is specified on: http://freeradius.org/radiusd/man/unlang.html#lbAF |
-f socket_file | The path to the control socket that is defined with |
-i ipv4-address | Show debug output for an access point having IPv4 address. The equivalent command using conditions: -c '(Packet-Src-IP-Address == ipv4-address)' |
-d config directory | The RADIUS configuration directory, usually |
-n mname | Read raddb/name.conf instead of raddb/radiusd.conf. |
-I ipv6-address | Show debug output for an access point having IPv6 address. This option is equivalent to using: -c '(Packet-Src-IPv6-Address == ipv6-address)' |
-t timeout | Debug output printing timeout in seconds. Stop printing debug output after "timeout" seconds. The default timeout is 60 seconds. Use "-t 0" to disable the option. |
-u name | Show debug output for a certain user. This option is equivalent to using: -c '(User-Name == name)' |
-t option should be used with extreme caution! Using "-t 0" in Production is not recommended.
Examples
eltex@ubuntu:/$ sudo -u eltxrad eraddebug -u wifiuser
This command run not under the root superuser, executes eraddebug script under the eltxrad name, shows debugging output for the wifitester user and stops automatically after 60 seconds (default timeout).
eltex@ubuntu:/$ sudo -u eltxrad eraddebug -t 300 -u wifiuser
This command run not under the root superuser, executes eraddebug script under the eltxrad name, shows debugging output for the wifitester user and stops automatically after 5 minutes.
root@ubuntu:/# eraddebug -t 0 -u wifiuser
When running under the root superuser, sudo is not required. This command will show debug output until it is stopped manually with Ctrl+C.
Sources:
- Official 'man' http://freeradius.org/radiusd/man/raddebug.html
- The description of the unlang processing 'un-language' used for configuration http://freeradius.org/radiusd/man/unlang.html