hi,
we use nagios to monitor our freeradius install. this is using
the adv_radius_check plugin to check from the nagios servers a
user on the freeradius server (in the users file), the following
are the succinct details
users file entry
nagios-user Huntgroup-Name == "nagios", Cleartext-Password := "password",
Autz-Type := nagios-check
Reply-Message = "This server is active",
Fall-Through = No
huntgroup file
nagios Client-IP-Address == 127.0.0.1
nagios Client-IP-Address == 10.1.1.2
nagios Client-IP-Address == 10.1.1.3
sites-enabled/default auth entry
authorize {
Autz-Type nagios-check {
files
ok = return
}
}
okay. so the user authentication tests fine with radtest on the radius
server....and it works fine
from the 2 nagios boxes...almost always. occasionally we see the following
error come through during
the 5-minute interval tests.......
Wed Nov 7 11:21:40 2007 : Auth: Login OK: [nagios-user] (from client 10.1.1.2
port 0)
Wed Nov 7 11:26:40 2007 : Auth: Login incorrect: [nagios-user] (from client
10.1.1.2 port 0)
Wed Nov 7 11:29:40 2007 : Auth: Login OK: [nagios-user] (from client 10.1.1.2
port 0)
of course, when that 11:26:40 event occurred, nagios claims a problem with the
RADIUS.
now, the check method is the same, the password is the same, the IP is the
same, in essence
nothing changes at all between each 5-minute test (the last entry 11:29:40 is
quicker
than a 5 minute interval as nagios catches up with failed events within a
following window)
and this is just plain PAP check in users file.
so why is it occasionally failing? has anyone else seen this sort of activity?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
