RadiusAuthMonitor

This monitor lets you test the functionality of the RADIUS authentication system. The availability is tested by sending an AUTH packet to the RADIUS server. If a valid ACCEPT response is received, the RADIUS service is up and considered available.

You must install the meridian-plugin-protocol-radius package before the RadiusAuthMonitor can start polling.

To install the meridian-plugin-protocol-radius package:

  • For RPM-based distributions:

    • yum install meridian-plugin-protocol-radius

  • For Debian-based distributions:

    • apt-get install meridian-plugin-protocol-radius

This monitor performs tests similar to those of the radtest tool when checking the status of a RADIUS server.

root@vagrant:~# radtest "John Doe" hello 127.0.0.1 1812 radiuspassword
Sending Access-Request of id 49 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 1812
	Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=49, length=37 (1)
	Reply-Message = "Hello, John Doe"
(1) The Access-Accept message that the monitor evaluates.
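
The exchange in the radtest session above (a PAP Access-Request answered by an Access-Accept) can be reproduced at the byte level following RFC 2865. This is an added example, not code from the meridian-plugin-protocol-radius package; the function names are assumptions, and make_reply is a constructed server side so the check runs offline.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 1, 2, 18, 32, 80  # RFC 2865/2869

def attr(attr_type, value):  # type, length (including the 2-byte header), value
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, authenticator):
    """PAP User-Password hiding: XOR 16-byte blocks with an MD5-derived keystream."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden

def build_access_request(ident, user, password, secret, nasid, authenticator=None):
    """Access-Request whose Message-Authenticator is HMAC-MD5 over the packet with that field zeroed."""
    ra = os.urandom(16) if authenticator is None else authenticator
    attrs = (attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, ra))
             + attr(NAS_IDENTIFIER, nasid))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs) + 18) + ra
    zeroed = header + attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)

def make_reply(code, request, secret, attrs):
    """Constructed server side, present only so the check below can run offline."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def is_valid_accept(reply, request, secret):
    """True only for an Access-Accept that answers this request under this secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code != ACCESS_ACCEPT or ident != request[1] or length != len(reply):
        return False
    # Response Authenticator = MD5(code, id, length, Request Authenticator, attributes, secret)
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    secret = b"radiuspassword"  # values taken from the radtest session above
    req = build_access_request(49, b"John Doe", b"hello", secret, b"opennms")
    accept = make_reply(ACCESS_ACCEPT, req, secret, attr(REPLY_MESSAGE, b"Hello, John Doe"))
    print(len(accept), is_valid_accept(accept, req, secret), is_valid_accept(accept, req, b"secret"))
```

With the values from the session, the constructed Access-Accept is 37 bytes long, matching length=37 in the radtest output. The same reply stops validating when the checker holds a different shared secret.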

Monitor facts

Class Name

org.opennms.protocols.radius.monitor.RadiusAuthMonitor

Configuration and use

Table 1. Optional monitor-specific parameters for the RadiusAuthMonitor

| Parameter | Description | Default |
|---|---|---|
| timeout | Time in milliseconds to wait for the RADIUS service. | 5000 |
| retry | Number of attempts to test a service’s status (up or down). | 0 |
| authport | RADIUS authentication port. | 1812 |
| acctport | RADIUS accounting port. | 1813 |
| user {} | Username to test the authentication. | OpenNMS |
| password {} | Password to test the authentication. | OpenNMS |
| secret {} | The RADIUS shared secret used for communication between the client/NAS and the RADIUS server. | secret |
| authtype | RADIUS authentication type. The following authentication types are supported: chap, pap, mschapv1, mschapv2, eapmd5, eapmschapv2, eapttls. | pap |
| nasid {} | The Network Access Server identifier originating the Access-Request. | opennms |
| inner-protocol | When using EAP-TTLS authentication, this property indicates the tunnelled authentication type. Only pap is currently supported. | pap |
| inner-user {} | Username for the tunnelled pap authentication when using EAP-TTLS. | Inner-OpenNMS |

{} indicates the parameter supports placeholder substitution.

This monitor implements the Common Configuration Parameters.

Examples

The following sample configuration shows how to configure the monitor in poller-configuration.xml.

The example uses the CentOS/RHEL path name. For Debian/Ubuntu, use /var/lib/opennms/rrd/response.

Note that you must include the monitor section for each service in your definition.

<service name="Radius-Authentication" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="3" />
  <parameter key="timeout" value="3000" />
  <parameter key="user" value="John Doe" />
  <parameter key="password" value="hello" />
  <parameter key="secret" value="radiuspassword" />
  <parameter key="rrd-repository" value="/opt/opennms/share/rrd/response" />
  <parameter key="ds-name" value="radiusauth" />
</service>

<monitor service="Radius-Authentication" class-name="org.opennms.protocols.radius.monitor.RadiusAuthMonitor" />