Dennis Skinner wrote: > Alan Dekok wrote: >> Graham Beneke wrote: >>> Does anyone know of any system that could be used to remotely monitor if >>> a radius server is up? >> radclient? Send the server a Status-Server request, and it should >> respond. See radiusd.conf for more. >> >>> Something along the lines of radtest and then you would add a nasclient >>> line for each testing location and dummy users entry that can be queried >>> by the test location. >> That's not needed. > > Except I don't think that will test your db connection (if you have > one). If you use radclient to do a full auth test, you get a better > idea as to the status of the entire service instead of just the daemon. >
Yes, pretty damn important. It's worth checking the return codes of certain modules like rlm_sql and rlm_ldap and sometimes invoking another module on failure, like a secondary emergency users file with static accounts.. Just in case something goes horribly wrong with your SQL/LDAP server. Here we use RADIUS for authenticating users on the administrative interface of our edge switches, as well as doing port access authentication on the edge ports. During early testing our SQL server died, which meant no one could log into any of the switches on our residential network... Although our switches fail over to local statically configured passwords if they can't reach a radius server.. the RADIUS server was up .. it just wasn't authorising any users :) Actually ... it might be an idea to add another return path which drops the request and sends no reply, just to make the RADIUS server seem dead if any of it's critical dependencies fail. Though I offer no patches ;) -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
