How to log authentication requests on FreeRadius

This short how-to shows you how to enable log authentication requests on FreeRadius. By enabling this log, you can trace whether the users are successfully authenticated or not.

FreeRadius is a free, open source and yet powerful Radius software which is used by many companies for their AAA solutions. It can be used as a WiFi HotSpot, wired or wireless LAN, and even mobile authentication server using MSISDN number.

One important thing for troubleshoting purpose is by enabling the log authentication requests. With the log enabled, you can trace which users are successfully authenticated or not.

To enable the log authentication requests on FreeRadius, you can follow the guide below:

In Ubuntu, open file /etc/freeradius/radiusd.conf and find the log { directive and change the value to yes.

#  Log authentication requests to the log file.
#  allowed values: {no, yes}
auth = yes 

#  Log passwords with the authentication requests.
#  auth_badpass  - logs password if it's rejected
#  auth_goodpass - logs password if it's correct
#  allowed values: {no, yes}
auth_badpass = yes
auth_goodpass = yes

After editing this file, restart the freeradius:

# /etc/init.d/freeradius restart
 * Stopping FreeRADIUS daemon freeradius                                                                      
 * /var/run/freeradius/ not found...                                                    [ OK ] 
 * Starting FreeRADIUS daemon freeradius                                                              [ OK ]


If users try to login, you can see them on the log like below

Thu Apr  2 16:08:38 2015 : Auth: Login OK: [sqltest/testpwd] (from client localhost port 1812)
Thu Apr  2 16:08:47 2015 : Auth: Login incorrect: [sqltest/testpw] (from client localhost port 1812)
Thu Apr  2 19:41:31 2015 : Auth: Login OK: [fuad/fuad123] (from client localhost port 1812)

I hope that this short guide is helpful for you to enable log in FreeRadius server.