login about faq

Tracing a login shows that there is an issue, but the logs are not helping me solve the issue. Is there a way the MobileID could be set to debug mode?

asked Dec 27 '10 at 14:58

SSH%20KB's gravatar image

SSH KB ♦
509249246237


If a trace shows an issue, but more information would be required to remedy the issue, debug mode may need to be enabled.

There are two uses for midd.log debugs:

i. General debugging – typically for tracking down a failed function call such as a ldap_search.

ii. Advanced debugging – if a request is being dropped for an unknown reason -- this doesn’t necessarily suggest an error, but i.e. mis-configuration, missing parameters or data, etc. In such case it may be needed to back trace to the in a policy configuration where an unexpected behavior took place.

Request drops are reported in midd.log as below:

Thread-3052876688: Wed Jun  2 01:04:08 2010 [ debug ]: rad-access-req(#0x1) of seq 205 from 10.10.15.25: evHndlr_drop: dropping ctx 0xb740bf5c

In the above example the 3052876688is the Thread ID and the 205 the Request ID.

General debugging:

i. Login to the machine using a SSH client terminal.

ii. Issue command cd /opt/tectia/midd/logs/ to go to the MobileID system log files directory.

iii. Make a copy of the current midd.log, or delete it (to save disk space and make reviewing debug midd.log easier).

iv. From Web Access, do:

  1. Edit - System - Log level
  2. Set Debug - Save
  3. Go to Web Access Home
  4. Refresh MIDD
  5. Now midd.log will include full debugs.

! NOTE ! Remember to switch back to the normal log level once finished debugging.

v. Try to reproduce the failed login.

vi. Open midd.log from the console and review for errors.

Advanced debugging:

vii. Enable debugging as with General debugging.

viii. Locate roughly the lines where a failure or a request drop was assumed to have occurred.

ix. Once the correct line is found, note down the following data:

a. Thread ID – this is always on all entries. Can be used for back tracing purposes.

b. Request ID (Seq) – if available. You may be able to resolve this by back tracing using the thread ID until you find a line that also displays the request ID.

x. If line contained an error, such as a failed function call, back trace a few recent lines to see if i.e. parameters provided to a failed function call were badly constructed, etc.

xi. If the line simply contained a request drop, then you will need to back trace policy configurations until the problem source is found.

To do this:

a. From the line with a request drop, back trace to a line that has the matching Thread ID and a string value “evHndlr: {“.

b. Review the policy name that the line is referring to. For example:

Thread-3052876688: Wed Jun  2 01:04:08 2010 [ debug ]: rad-access-req(#0x1) of seq 205 from 10.10.15.25: evHndlr { OTPAUTH-3052876688 }: Drop

In the above example the policy name is OTPAUTH.

c. Open the corresponding policy configuration file, in this case /opt/tectia/midd/modules/OTPAUTH

d. In the midd.log, back trace a few steps using the search string “evHndlr: {“ (and matching Thread ID) to see in which line of the policy configuration the drop had occurred.

e. Once you have located the line of the drop, begin back tracing the policy configuration file, step-by-step. The few lines preceding “evHndlr: {“ always show the result, or the outcome, of a previous policy configuration command.

link

answered Dec 27 '10 at 15:09

SSH%20KB's gravatar image

SSH KB ♦
509249246237

Edit -> System -> LogLevel

alt Edit -> System -> Loglevel

LogLevel: Debug
Debug Options: 1664
Click save

alt LogLevel: debug

Web Access Home -> Refresh

alt refresh

link

answered Dec 12 '11 at 15:35

anttisa's gravatar image

anttisa ♦
106252627

edited Dec 12 '11 at 15:50

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×55
×9

Asked: Dec 27 '10 at 14:58

Seen: 3,356 times

Last updated: Dec 12 '11 at 15:50

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.