Documentation

 

 

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SecureAuth IdP RADIUS server logs 
Anchor
radlogs
radlogs

Enable logs

SecureAuth IdP RADIUS server logs can assist in troubleshooting the SecureAuth IdP RADIUS server.

...

Level

Description

New messages added in RADIUS server v2.4

ALL

Captures all logging

 

TRACE

Captures finer-grained informational events than DEBUG (contains all package attributes to
/ from the VPN)

 

DEBUG

Captures fine-grained informational events for debugging RADIUS

 

INFO

Captures diagnostic information at a coarse-grained level, and Adaptive Authentication password state results

  • PasswordState: Adaptive Auth results in status: Continue for user
  • PasswordState: Adaptive Auth results in status: TwoFactor for user

WARN

Designates potentially harmful situations

 

ERROR

Captures critical or error conditions that still allow RADIUS to run

 

FATAL

Captures emergency conditions for severe error events

 

OFF

Disables logging

 

Sample logs for different RADIUS failover scenarios

Failover to a SecureAuth IdP RADIUS backup server is configured under Step B: IdP Realms configuration, Add IdP Realm – see Configuration guide - v2.4 - SecureAuth IdP RADIUS server.

UI Expand
titleFailover scenario: Primary RADIUS server fails over to secondary RADIUS server which functions
Code Block
[25/Oct/2018:13:18:16 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:13:18:16 -0700]  INFO    IdPAPIAccess: Falling back to server: sa01.company.com
[25/Oct/2018:13:18:17 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=230 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=231 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=232 type=Access-Challenge
[25/Oct/2018:13:18:17 -0700]  DEBUG   RadiusLibFacade: sending response: id=233 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=234 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=235 type=Access-Challenge
[25/Oct/2018:13:18:18 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:13:18:19 -0700]  DEBUG   RadiusLibFacade: sending response: id=236 type=Access-Challenge
[25/Oct/2018:13:18:39 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:13:18:39 -0700]  DEBUG   RadiusLibFacade: sending response: id=237 type=Access-Challenge
[25/Oct/2018:13:18:40 -0700]  DEBUG   RadiusLibFacade: sending response: id=238 type=Access-Accept
[25/Oct/2018:13:18:40 -0700]  INFO    AuditLog: Granted access to user: user-adm; NAS-IP: 123.45.67.89
UI Expand
titleFailover scenario: Primary RADIUS server fails over to other RADIUS servers, none of which are functioning
Code Block
[25/Oct/2018:14:22:27 -0700]  INFO    AuditLog: Abandoned previous session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:22:27 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:14:22:28 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=6 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=7 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=8 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=9 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=10 type=Access-Challenge
[25/Oct/2018:14:22:28 -0700]  DEBUG   RadiusLibFacade: sending response: id=11 type=Access-Challenge
[25/Oct/2018:14:22:29 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:22:29 -0700]  INFO    IdPAPIAccess: Password authentication failed: invalid; message: AppId is unknown.
[25/Oct/2018:14:22:29 -0700]  INFO    PasswordState: User/Password verification failed for user: user-adm.
[25/Oct/2018:14:22:29 -0700]  DEBUG   RadiusLibFacade: sending response: id=12 type=Access-Reject
[25/Oct/2018:14:22:29 -0700]  INFO    AuditLog: Denied access request by user: user-adm; NAS-IP: 123.45.67.89
UI Expand
titleFailover scenario: Primary RADIUS server fails over to secondary server which fails, but failover attempt to third server is successful
Code Block
[25/Oct/2018:14:30:55 -0700]  ERROR   IdPAPIAccess: Primary IdP server failed: https://secureauth.company.com/SecureAuth3. Checking failover servers.
[25/Oct/2018:14:30:55 -0700]  INFO    IdPAPIAccess: Falling back to server: sa01.secureauth.com
[25/Oct/2018:14:30:56 -0700]  INFO    AuditLog: Start authentication session for user: user-adm; NAS-IP: 123.45.67.89
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=13 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=14 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=15 type=Access-Challenge
[25/Oct/2018:14:30:56 -0700]  DEBUG   RadiusLibFacade: sending response: id=16 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=17 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=18 type=Access-Challenge
[25/Oct/2018:14:30:57 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:30:57 -0700]  DEBUG   RadiusLibFacade: sending response: id=19 type=Access-Challenge
[25/Oct/2018:14:31:18 -0700]  INFO    SARadiusServer: GTCHandler has been called.
[25/Oct/2018:14:31:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=20 type=Access-Challenge
[25/Oct/2018:14:31:18 -0700]  DEBUG   RadiusLibFacade: sending response: id=21 type=Access-Accept
[25/Oct/2018:14:31:18 -0700]  INFO    AuditLog: Granted access to user: user-adm; NAS-IP: 123.45.67.89

============================
Primary IdP Host:
secureauth.company.com
Backup IdP Host:
secureauth2.company.com,sa01.secureauth.com

 

...

Release notes 
Anchor
notes
notes

...