Skip to main content

Debugging FreeRADIUS

Verbose Logging

Starting the freeRADIUS server with the -X flag will enable verbose logging.

This is managed through the GovWifi Terraform. Due to the volume of transactions on production, enabling this may have an impact on performance.

A better way to use this would be to enable it on staging and to have the client who is having trouble connect to that IP.

Production and staging logs can be found in CloudWatch under wifi-frontend-docker-log-group and staging-frontend-docker-log-group respectively.

It will contain all the details of the authentication request which can be used to diagnose issues.

free radius logs

Mailing List

You can get help from the FreeRADIUS community by asking questions on their user mailing list.

You will need to sign up before you can ask questions or gain access to the archives.

eapol_test

In order to simulate UDP requests locally, there is a tool called eapol_test.

This is currently used in full-stack automated testing and health checking.

eapol test

Common error messages

Error: Ignoring request to auth address * port 1812 bound to server default from unknown client

This means that the client isn’t whitelisted by the RADIUS server.

invalid Request Authenticator! (Shared secret is incorrect.)

The server knows the IP but it failed to authenticate with its pre-shared key.

This page was last reviewed on 10 January 2021. It needs to be reviewed again on 10 July 2021 by the page owner #govwifi .
This page was set to be reviewed before 10 July 2021 by the page owner #govwifi. This might mean the content is out of date.