linelog permission issue

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

linelog permission issue

legdayallday
Dear all,

My client authentications keep failing due to linelog permissions issues:

Thu Nov 12 19:22:15 2020 : Auth: (58)   Login OK: [[hidden email]] (from client xxxxxxxxxx port 0 via TLS tunnel)
Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open /radius/log/linelog-20201112: Permission denied
Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open /radius/log/linelog-20201112: Permission denied
Thu Nov 12 19:22:15 2020 : Auth: (59) Rejected in post-auth: [[hidden email]] (from client xxxxxxxxxxxx port 13 cli 0ec84fa38cad)

There are no issues writing into authentication, accounting, and reply logs. I have set 660 permissions for the linelog module as well. Could someone please help? Or offer a way to bypass this?

Authentications are fine once linelog has been commented out in the virtual server configs... but having the linelog would help immensely in monitoring the authentications coming in the hundreds per minute.

Thanks in advance.




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: linelog permission issue

Ibrahim AKSIT
Hi dear all,
it seems that your log folder is at the / path which means the root of the
disk. It might be /var/log/radius.... or if you customize it as seen in
your "Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open
/radius/log/linelog-20201112: Permission denied" line. The owner of
/radius/log should be user "freerad" in debian/ubuntu case. You should
check your log permission accordingly.

The issue is related with permission.
I hope it helps.

İbrahim AKŞİT

Best Regards and Wishes
Yours Sincerely.


On Thu, Nov 12, 2020 at 2:41 PM lingctam <[hidden email]> wrote:

> Dear all,
>
> My client authentications keep failing due to linelog permissions issues:
>
> Thu Nov 12 19:22:15 2020 : Auth: (58)   Login OK: [[hidden email]]
> (from client xxxxxxxxxx port 0 via TLS tunnel)
> Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open
> /radius/log/linelog-20201112: Permission denied
> Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open
> /radius/log/linelog-20201112: Permission denied
> Thu Nov 12 19:22:15 2020 : Auth: (59) Rejected in post-auth: [
> [hidden email]] (from client xxxxxxxxxxxx port 13 cli 0ec84fa38cad)
>
> There are no issues writing into authentication, accounting, and reply
> logs. I have set 660 permissions for the linelog module as well. Could
> someone please help? Or offer a way to bypass this?
>
> Authentications are fine once linelog has been commented out in the
> virtual server configs... but having the linelog would help immensely in
> monitoring the authentications coming in the hundreds per minute.
>
> Thanks in advance.
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: linelog permission issue

Alan DeKok-2
In reply to this post by legdayallday
On Nov 12, 2020, at 6:37 AM, lingctam <[hidden email]> wrote
>
> My client authentications keep failing due to linelog permissions issues:
>
> Thu Nov 12 19:22:15 2020 : Auth: (58)   Login OK: [[hidden email]] (from client xxxxxxxxxx port 0 via TLS tunnel)
> Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open /radius/log/linelog-20201112: Permission denied
> Thu Nov 12 19:22:15 2020 : Error: rlm_linelog: Failed to open /radius/log/linelog-20201112: Permission denied
> Thu Nov 12 19:22:15 2020 : Auth: (59) Rejected in post-auth: [[hidden email]] (from client xxxxxxxxxxxx port 13 cli 0ec84fa38cad)
>
> There are no issues writing into authentication, accounting, and reply logs. I have set 660 permissions for the linelog module as well. Could someone please help? Or offer a way to bypass this?

  FreeRADIUS does not change the permissions or owners of the log directories.  If you *keep* having issues, then something *else* is mangling the permissions.

  Check the rest of the system, for log rotation scripts, etc.  Those are likely breaking FreeRADIUS.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html