RadiusAuthMonitor
This monitor lets you test the functionality of the RADIUS authentication system. The availability is tested by sending an AUTH packet to the RADIUS server. If a valid ACCEPT response is received, the RADIUS service is up and considered available.
The use of the RadiusAuthMonitor requires the installation of the meridian-plugin-protocol-radius package before polling will start.
This monitor performs similar tests to using the radtest tool to check the status of a RADIUS server.
root@vagrant:~# radtest "John Doe" hello 127.0.0.1 1812 radiuspassword
Sending Access-Request of id 49 to 127.0.0.1 port 1812
User-Name = "John Doe"
User-Password = "hello"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=49, length=37 (1)
Reply-Message = "Hello, John Doe"
(1) The Access-Accept message that the monitor evaluates.
Configuration and use
Parameter | Description | Default |
---|---|---|
timeout | Time in milliseconds to wait for the RADIUS service. | 5000 |
retry | Number of attempts to test a service’s status (up or down). | 0 |
authport | RADIUS authentication port. | 1812 |
acctport | RADIUS accounting port. | 1813 |
user {} | Username to test the authentication. | OpenNMS |
password {} | Password to test the authentication. | OpenNMS |
secret {} | The RADIUS shared secret used for communication between the client/NAS and the RADIUS server. | secret |
authtype | RADIUS authentication type. The following authentication types are supported: chap, pap, mschapv1, mschapv2, eapmd5, eapmschapv2, eapttls. | pap |
nasid {} | The Network Access Server identifier originating the Access-Request. | opennms |
inner-protocol | When using EAP-TTLS authentication, this property indicates the tunnelled authentication type. Only pap is currently supported. | pap |
inner-user {} | Username for the tunnelled pap authentication when using EAP-TTLS. | Inner-OpenNMS |
{} indicates the parameter supports placeholder substitution.
This monitor implements the Common Configuration Parameters.
Examples
The sample configuration shows how to configure the monitor in poller-configuration.xml.
The example uses the CentOS/RHEL path name. For Debian/Ubuntu, use /var/lib/opennms/rrd/response.
Note that you must include the monitor section for each service in your definition.
<service name="Radius-Authentication" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="3" />
  <parameter key="timeout" value="3000" />
  <parameter key="user" value="John Doe" />
  <parameter key="password" value="hello" />
  <parameter key="secret" value="radiuspassword" />
  <parameter key="rrd-repository" value="/opt/opennms/share/rrd/response" />
  <parameter key="ds-name" value="radiusauth" />
</service>
<monitor service="Radius-Authentication" class-name="org.opennms.protocols.radius.monitor.RadiusAuthMonitor" />