check_radius works from command line but lists Auth Error via interface

NetNITCO Systems Administration joshadmin at netnitco.net
Mon Jul 11 18:05:26 CEST 2005

Previous message: RH AS3.0
Next message: check_radius works from command line but lists Auth Error via interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While deploying a new Nagios installation, I've ran into a problem with
the 'check_radius' plugin.  I can execute check_radius as follows from
the command line and it appears to function properly:

# ./check_radius -H 216.xxx.xxx.xxx -F /etc/nagios/radiusclient.conf -u
Username -p Password -t 10

The result from the above command is "Auth OK" without a newline.

However, with the service configured, I get the following from Nagios:

Service	Status		Last Check		Duration	Attempt		Status Information

RADIUS	CRITICAL 	07-11-2005 10:44:04 	0d 1h 27m 34s 	3/3 	Auth Error

I also noticed that when executing the command manually from the command
line, I get the following in my RADIUS logs:

Mon Jul 11 10:45:37 2005 : Auth: Login OK: [Username] (from client
hostsystem port 0)

I do NOT have any information in my RADIUS logs for the attempts by
Nagios.  After noticing this, I used tcpdump to see what was happening
when Nagios attempted the check.

I only get the following:

10:49:04.976764 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
length: 84) hostsystem.domain.net > radiushost.domain.net: icmp 64: echo
request seq 1
10:49:04.976989 IP (tos 0x0, ttl  64, id 35731, offset 0, flags [DF],
length: 84) radiushost.domain.net > hostsystem.domain.net: icmp 64: echo
reply seq 1
10:49:05.976415 IP (tos 0x0, ttl  64, id 1, offset 0, flags [DF],
length: 84) hostsystem.domain.net > radiushost.domain.net: icmp 64: echo
request seq 2
10:49:05.976676 IP (tos 0x0, ttl  64, id 35734, offset 0, flags [DF],
length: 84) radiushost.domain.net > hostsystem.domain.net: icmp 64: echo
reply seq 2
[SNIP]

However, when I run the command manually, I receive:

10:45:39.988513 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF],
length: 90) hostsystem.domain.net.39090 >
radiushost.domain.net.datametrics: RADIUS, length: 62
        Access Request (1), id: 0x9e, Authenticator:
40c1d67540eae20c5551b7292a18dfdf
          Service Type Attribute (6), length: 6, Value: Authenticate Only
            0x0000:  0000 0008
10:45:39.992663 IP (tos 0x0, ttl  64, id 27936, offset 0, flags [none],
length: 90) radiushost.domain.net.datametrics >
hostsystem.domain.net.39090: RADIUS, length: 62
        Access Accept (2), id: 0x9e, Authenticator:
ec6b64d922ae10566679dd15f5a632fc
          Service Type Attribute (6), length: 6, Value: Framed
            0x0000:  0000 0002

My configuration for this service and command is as follows:

services.cfg:
---------------
define service{
        use                             generic-service
        host_name                       radiushost.domain.net
        service_description             RADIUS
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              3
        normal_check_interval           5
        retry_check_interval            1
        contact_groups                  sysadmin
        notification_interval           120
        notification_period             24x7
        notification_options            w,u,c,r
        check_command                   check_radius
        }

checkcommands.cfg:
------------------
define command{
        command_name    check_radius
        command_line    $USER1$/check_radius -H $HOSTADDRESS$ -F
/etc/nagios/radiusclient.conf -u Username -p Password -t 10


I have also tried specifying all options for the checkcommand.cfg entry
as $ARGn$ variables and passing them that way, as well as manually
specifying the host IP in place of $HOSTADDRESS$.

My check_radius version reports: check_radius (nagios-plugins 1.4) 1.21

Thanks,

~ Josh Snyder, System Administrator
NetNITCO Internet Services
joshadmin at netnitco.net


-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP, 
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: RH AS3.0
Next message: check_radius works from command line but lists Auth Error via interface
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list