Troubleshooting Your Configuration with trace


If you are unable to receive an Access-Accept packet from the Cisco AR server, you can use the aregcmd trace command to troubleshoot the problem.

The trace command is similar to enabling debugging: it sets the trace level on your server. Trace levels range from zero to four, with higher numbers logging more information. In AR, the default is zero, which means that nothing is logged. To configure the trace level in AR, perform the following steps:

Step 1.

Run the aregcmd command and log in to AR, as seen in Example 15-16.

Example 15-16. Log In to AR
    # /opt/CSCOar/usrbin/aregcmd
    Cisco Access Registrar 3.5.0.7 Configuration Utility
    Copyright (C) 1995-2004 by Cisco Systems, Inc.  All rights reserved.
    Cluster:
    User: admin
    Password:*****
    Logging in to localhost

    [ //localhost ]
        LicenseKey = 6N16-SJIV-61RI-VU1G (expires in 64 days)
        Radius/
        Administrators/

    Server 'Radius' is Running, its health is 10 out of 10

Step 2.

Use the trace command to set the trace level to a value from 1 to 4.

  

Step 3.

Exit from aregcmd.

  

Step 4.

Log in to radclient.

Step 5.

Create another test packet, as you did in the previous section.

Step 6.

Send the test packet.

Step 7.

Exit radclient.

Step 8.

Use the UNIX tail command to view the end of the name_radius_1_trace log where the failed attempt was logged, as seen in Example 15-17.

Example 15-17. Reading the name_radius_1_trace Log
    # tail -f /opt/CSCOar/logs/name_radius_1_trace
    02/23/2004 16:12:29: P268: Authenticating and Authorizing with Service local-users
    02/23/2004 16:12:29: P268: Getting User john's UserRecord from UserList Default
    02/23/2004 16:12:29: P268: Failed to get User john's UserRecord from UserList Default
    02/23/2004 16:12:29: P268: Trace of Access-Reject packet
    02/23/2004 16:12:29: P268:    identifier = 2
    02/23/2004 16:12:29: P268:    length = 35
    02/23/2004 16:12:29: P268:    reqauth = 11:11:d5:56:dc:c3:ec:1d:89:8c:fd:f4:19:9d:57:2a
    02/23/2004 16:12:29: P268:    Reply-Message = Access Denied
    02/23/2004 16:12:29: P268: Sending response to 127.0.0.1
    02/23/2004 16:12:29: Log: Request from localhost (127.0.0.1): User john rejected (UnknownUser)

Step 9.

Read through the log to see where the request failed. In this case, the user john is unknown.
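When several requests are traced at once, their lines interleave in the log, so Step 9 is easier if the lines are grouped by packet tag first. The following Python sketch is an added example, not part of the book or of Access Registrar. It assumes the line layout shown in Example 15-17, and the P269 lines and the function names parse_trace and failed_steps are constructed for illustration.

```python
import re
from collections import defaultdict

# P268 lines are taken from Example 15-17; the P269 lines are constructed
# in the same layout to show how interleaved requests are separated.
SAMPLE_TRACE = """\
02/23/2004 16:12:29: P268: Authenticating and Authorizing with Service local-users
02/23/2004 16:12:29: P268: Getting User john's UserRecord from UserList Default
02/23/2004 16:12:29: P269: Authenticating and Authorizing with Service local-users
02/23/2004 16:12:29: P268: Failed to get User john's UserRecord from UserList Default
02/23/2004 16:12:29: P268: Trace of Access-Reject packet
02/23/2004 16:12:29: P268:    Reply-Message = Access Denied
02/23/2004 16:12:29: P269: Getting User mary's UserRecord from UserList Default
02/23/2004 16:12:29: P268: Sending response to 127.0.0.1
02/23/2004 16:12:29: Log: Request from localhost (127.0.0.1): User john rejected (UnknownUser)
"""

# "<date> <time>: P<n>: <message>" per-packet lines; "Log:" marks summary lines.
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}): (P\d+|Log): ?(.*)$")
REJECT_RE = re.compile(r"User (\S+) rejected \((\w+)\)")

def parse_trace(text):
    """Group trace messages by packet tag and collect rejection summaries."""
    packets = defaultdict(list)
    rejections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # line does not follow the assumed layout: skip it
        stamp, tag, msg = m.groups()
        if tag == "Log":
            r = REJECT_RE.search(msg)
            if r:
                rejections.append({"time": stamp, "user": r.group(1), "reason": r.group(2)})
        else:
            packets[tag].append(msg.strip())
    return dict(packets), rejections

def failed_steps(packets):
    """Return, per packet tag, the first message that starts with 'Failed'."""
    return {pid: next(m for m in msgs if m.startswith("Failed"))
            for pid, msgs in packets.items()
            if any(m.startswith("Failed") for m in msgs)}

if __name__ == "__main__":
    pkts, rejects = parse_trace(SAMPLE_TRACE)
    print(failed_steps(pkts), rejects)
```
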




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
