How-to: Enable Debugging for Radius
Create a symlink that prepares Radius for debugging.
cd /etc/freeradius/3.0/sites-enabled ln -s ../sites-available/control-socket control-socket
Note: Depending on your UCS version you might need to skip the “3.0/” part the directories mentioned here.
Enable read&write mode for the control socket.
Uncomment the line
mode = rw in file
/etc/freeradius/3.0/sites-anabled/control-socket, so there must not be a leading “#” there.
Restart the Radius service
systemctl restart freeradius
Note: The restart leads to a short-term unavailability of the Radius service and that users who are already logged on may lose their authentication information.
Activate the debugging and carry out a test authentication during it by means of radtest.
First check the secret for the radiusserver:
grep -v "#" /etc/freeradius/3.0/clients.conf| grep secret
There you will see which password is configured. We need this password for our test.
For this test you need a second command line window (ie PuTTy session), a radius user, the user password and the password just found above.
Prepare the command (without sending it- do NOT press “enter” at the moment):
radtest -t mschap <USERNAME> <USERPASSWORT> localhost 10 <PASSWORD-FROM-ABOVE>
Now activate the debug mode on the second console using
raddebug >freeradius_debug.log and start the above radtest command. The raddebug will end shortly and you have debugging information available in the file called