23.4. RADIUS server log file¶
You may monitor the FreeRADIUS server log file. The location may depend on your installation.
If you are running the virtual appliance, it is /var/log/freeradius/radiusd.log
.
A successful authentication will generate log entries like this:
rlm_linotp: (lotp_auth) LinOTPd returned ':-)'
rlm_linotp: user 'administrator' authenticated successfully
If the LinOTP server definitively denied access for the user, the log entry will look like this:
rlm_linotp: (lotp_auth) LinOTPd returned ':-('
Auth: rlm_linotp: Rejecting fall-through 'administrator'
In this case you should verify why the user is denied. As the RADIUS log does not give more details on “why” you should follow the troubleshooting in section A.19.5.
If the LinOTP server runs into some internal server error, a log entry like this will appear:
rlm_linotp: (lotp_auth) LinOTPd returned ':-/'
In this case you should take a deeper look into the LinOTP server log file or the Apache error log file on the LinOTP server. If the LinOTP server can not be contacted by the RADIUS server, such a log entry will show up:
Error: rlm_linotp: Error: ERROR: Error talking to linotpd server at \
https://localhost/validate/simplecheck?user=administrator&pass=test316988: couldn't connect to host
Verify that the LinOTP server can be reached (test it with PING, telnet or a browser) and check if the LinOTP server / Apache is running.