How-to: Enable Debugging for Radius
Step 1
Create a symlink that prepares Radius for debugging.
cd /etc/freeradius/3.0/sites-enabled
ln -s ../sites-available/control-socket control-socket
Note: Depending on your UCS version you might need to skip the “3.0/” part of the directories mentioned here.
Step 2
Enable read and write mode for the control socket.
Uncomment the line mode = rw in the file /etc/freeradius/3.0/sites-enabled/control-socket so that it no longer has a leading “#”.
Step 3
Restart the Radius service.
systemctl restart freeradius
Note: The restart makes the Radius service briefly unavailable, and users who are already logged on may lose their authentication information.
Step 4
Activate debugging and, while it is running, carry out a test authentication with radtest.
First check the secret for the Radius server:
grep -v "#" /etc/freeradius/3.0/clients.conf | grep secret
There you will see which password is configured. We need this password for our test.
For this test you need a second command line window (i.e. a PuTTY session), a Radius user, the user's password and the password just found above.
Prepare the command without sending it (do NOT press “Enter” yet):
radtest -t mschap <USERNAME> <USERPASSWORD> localhost 10 <PASSWORD-FROM-ABOVE>
Now activate the debug mode on the second console using raddebug >freeradius_debug.log and start the above radtest command. raddebug will end shortly, and the debugging information is then available in the file freeradius_debug.log.
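Step 2 can also be done and verified from the shell. The following is an added example, not part of the original how-to: the function names and the sample file are constructed for illustration, and treating a commented-out mode line as read-only follows the default named in the stock control-socket file.

```shell
#!/bin/sh
# Added example: check and set the control-socket access mode (Step 2).
# Usage on a real system (path as used in this how-to):
#   enable_rw /etc/freeradius/3.0/sites-enabled/control-socket

# Print the effective mode, "rw" or "ro". A missing or commented-out
# "mode" line counts as read-only, the default named in the stock file.
control_socket_mode() {
    cs_mode=$(sed -n 's/^[[:space:]]*mode[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    echo "${cs_mode:-ro}"
}

# Uncomment "mode = rw" in place; does nothing if rw is already active.
# No backup copy is left beside the file, because FreeRADIUS may load
# extra files it finds in sites-enabled.
enable_rw() {
    [ "$(control_socket_mode "$1")" = "rw" ] && return 0
    cs_tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*\)#[[:space:]]*\(mode[[:space:]]*=[[:space:]]*rw\)/\1\2/' "$1" > "$cs_tmp" \
        && cat "$cs_tmp" > "$1"
    rm -f "$cs_tmp"
    [ "$(control_socket_mode "$1")" = "rw" ]
}

# Constructed sample that mimics the relevant part of the control-socket file.
make_sample() {
    cat > "$1" <<'EOF'
listen {
    type = control
    socket = ${run_dir}/${name}.sock
    #   ro = read only access (default)
    #   rw = read/write access.
#   mode = rw
}
EOF
}
```

Running control_socket_mode on the file again after the debugging session shows whether the socket is still in read-write mode.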