This article is an overview of how to enable RADIUS debugging, enabling RADIUS verbose logs and enabling tracing on RSA Authentication Manager 8.x.
For Authentication Manager 8.5.x and below, RSA uses Steel Belted RADIUS. For 8.6 and higher, we use Free RADIUS. Because of these changes, the way debug is enabled has changed slightly. Follow the steps below. For all versions, changes are done from the Operations Console, although you can edit the files in /opt/rsa/am/radius.
- Select Deployment Configuration > RADIUS Servers > Edit RADIUS Server.
- Click the drop down arrow on the primary Authentication Manager server and choose Manage Server Files.
For Authentication Manager 8.5
- Click on the drop down arrow next to the radius.ini file and choose Edit.
- Uncomment the following three lines: [Configuration], Trace Level and Log level, by removing the semicolon ( ; ) or # sign from the beginning of the line.
- Change the trace level and log level values to 2 (accepted values are only 0,1,2), as shown:
[Configuration]
LogLevel = 2
TraceLevel = 2
- When done, click Save & Restart RADIUS Server. This restart allows the debug changes to take effect.
For Authentication Manager 8.6
- Click on the drop down arrow next to the radiusd.conf file and choose Edit.
- Change the debug_level value to 2, as shown:
debug_level=2
- When done, click Save & Restart RADIUS Server. This restart allows the debug changes to take effect
- When RADIUS testing is complete, turn off RADIUS debug logging by following the steps above, changing LogLevel and TraceLevel or debug_level back to 0 then restarting RADIUS servers.
RADIUS logs are found in /opt/rsa/am/radius on their respective servers.
- For Authentication Manager 8.5 and below, the files are named mmddyyyy.log (often called date.log files), where the date is the day they were written.
- In Authentication Manager 8.6 and above, the log files are in the same directory, but it is called radius.log.