Freeradius 2 templates

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Freeradius 2 templates

Post by alxgomz »

Hello I have released script/Data_Input/data_templates/graph template for freeradius 2.x
It is based on radclient (which needs to be installed on cacti server, as snmp module as been depracated in freeradius 2.x. It now uses status-server request.
I'd like to know if someone is interested in testing that plugin...
it consist of one data-input method, 2 data templates and 2 graph templates (that should all be imported via xml files in cacti.) and one bash script to query the radius server for statistics (it also contains informations about radius config to enable)....
If someone feels like testing it ... I leave a tarball with all the stuff inside...
I'd be glad to have feedback.

P.S: freeradius attributes dictionary have to be up-to-date

See more recent posts for attachement.
Attachments
example of producede graph
example of producede graph
screenshot1.png (30.94 KiB) Viewed 25220 times
Last edited by alxgomz on Mon Apr 26, 2010 8:29 pm, edited 1 time in total.
bhumin
Posts: 11
Joined: Sun Jul 13, 2008 2:36 am
Location: surat
Contact:

Re: Freeradius 2 templates

Post by bhumin »

alxgomz wrote:Hello I have released script/Data_Input/data_templates/graph template for freeradius 2.x
Nice template.
but unfortunately its not working with my radius servers.
i have 9 different radius servers for PPPOE authentication manage by 3rd party vendor.
1) don't have "radius client shared secret"
2) don't know "UDP Port listening for status query"
3) where to put "radstatus.sh" ?
how can i create graph without this?
also i m getting following error message for radius host.

---------------------------------------
11/27/2008 12:55:37 PM - SPINE: Poller[0] Host[36] DS[554] WARNING: Result from SCRIPT not valid. Partial Result: ...
11/27/2008 12:55:37 PM - SPINE: Poller[0] Host[36] ERROR: Empty result [116.74.105.13]: '/var/www/html/scripts/radstatus.sh acct 116.74.105.13 '
11/27/2008 12:55:37 PM - SPINE: Poller[0] Host[36] DS[555] WARNING: Result from SCRIPT not valid. Partial Result: ...
----------------------------------------

one more thing is i want to create only one graph with total PPP users online in my radius server. how can i make it happen?

plz help.

thanks.
Attachments
cacti-radius-1.JPG
cacti-radius-1.JPG (268.17 KiB) Viewed 25147 times
cacti-radius-2.JPG
cacti-radius-2.JPG (152.14 KiB) Viewed 25147 times
microshift
Posts: 7
Joined: Sun Jan 18, 2009 5:19 pm

Re: Freeradius 2 templates

Post by microshift »

Hello

I found this script very interesting.

I have some thousands Freeradius users among a dozen NAS which I would like to follow in Cacti.

Will I have to make a script for each NAS?

Thanks

PS: I'm noob here :wink:
alxgomz wrote:Hello I have released script/Data_Input/data_templates/graph template for freeradius 2.x
It is based on radclient (which needs to be installed on cacti server, as snmp module as been depracated in freeradius 2.x. It now uses status-server request.
I'd like to know if someone is interested in testing that plugin...
it consist of one data-input method, 2 data templates and 2 graph templates (that should all be imported via xml files in cacti.) and one bash script to query the radius server for statistics (it also contains informations about radius config to enable)....
If someone feels like testing it ... I leave a tarball with all the stuff inside...
I'd be glad to have feedback.

P.S: freeradius attributes dictionary have to be up-to-date
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Re: Freeradius 2 templates

Post by alxgomz »

bhumin wrote:
alxgomz wrote:Hello I have released script/Data_Input/data_templates/graph template for freeradius 2.x
Nice template.
but unfortunately its not working with my radius servers.
i have 9 different radius servers for PPPOE authentication manage by 3rd party vendor.
Do you mean you can't change your config on the radius server? If so, it's gonna be tough!
bhumin wrote: don't have "radius client shared secret"
This script is based on radius queries so you must be configured as a client on the freeradius2 server (yes this script only works with freeradius2 as of snmp module has been replaced by the status listener.
bhumin wrote: don't know "UDP Port listening for status query"
This is configurable is the status listener
bhumin wrote: where to put "radstatus.sh" ?
in the scripts directory in cacti's root (eg: /var/www/cacti/scripts)
bhumin wrote:how can i create graph without this?
also i m getting following error message for radius host.
...
one more thing is i want to create only one graph with total PPP users online in my radius server. how can i make it happen?

plz help.

thanks.
try launching the script in a shell to debug...
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Re: Freeradius 2 templates

Post by alxgomz »

microshift wrote: ...Will I have to make a script for each NAS?
No, you can manage several freeradius 2.x servers with the only radstatus.sh script... just configure each device with the appropriated data template and graph template too.
I have putted few example in the archive that should help... hopefully :P
kirgudu
Posts: 10
Joined: Wed Feb 04, 2009 4:22 am
Location: Moscow, Russia

Post by kirgudu »

I see strange Queue Type:
In FreeRadius documentation exists next method:

Code: Select all

echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1"|radclient $HOST:$PORT status $SECRET
But I coudn't found FR-Statistics-Type. And I have:

radclient:: Invalid octet string "Authentication" for attribute name

freeradius/dictionary.freeradius

Code: Select all

# -*- text -*-
#
#       The FreeRADIUS Vendor-Specific dictionary.
#
# Version:      $Id$
#
#       For a complete list of Private Enterprise Codes, see:
#
#       http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
#

VENDOR          FreeRADIUS                      11344

BEGIN-VENDOR    FreeRADIUS

ATTRIBUTE       FreeRADIUS-Proxied-To                   1       ipaddr


#
#  This attribute is really a bitmask.
#
ATTRIBUTE       FreeRADIUS-Statistics-Type              127     integer

VALUE   FreeRADIUS-Statistics-Type      None                    0
VALUE   FreeRADIUS-Statistics-Type      Authentication          1
VALUE   FreeRADIUS-Statistics-Type      Accounting              2
VALUE   FreeRADIUS-Statistics-Type      Proxy-Authentication    4
VALUE   FreeRADIUS-Statistics-Type      Proxy-Accounting        8
VALUE   FreeRADIUS-Statistics-Type      Internal                0x10
VALUE   FreeRADIUS-Statistics-Type      Client                  0x20
VALUE   FreeRADIUS-Statistics-Type      Server                  0x40
VALUE   FreeRADIUS-Statistics-Type      Home-Server             0x80

VALUE   FreeRADIUS-Statistics-Type      Auth-Acct               0x03
VALUE   FreeRADIUS-Statistics-Type      Proxy-Auth-Acct         0x0c

VALUE   FreeRADIUS-Statistics-Type      All                     0x1f
Need Change:
FR-Statistics-Type to FreeRADIUS-Statistics-Type
seebo
Posts: 1
Joined: Fri Apr 17, 2009 11:56 am

Post by seebo »

in my case poller.php generates this error:
04/17/2009 07:06:18 PM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/www/cacti/rra/test2_auth_drop_99.rrd --template 1239987977:U
ERROR: Not enough arguments
04/17/2009 07:06:18 PM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/www/cacti/rra/test2_acct_unknown_98.rrd --template 1239987977:U
ERROR: Not enough arguments

Can someone help me?
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Post by alxgomz »

kirgudu wrote:I see strange Queue Type:
Need Change:
FR-Statistics-Type to FreeRADIUS-Statistics-Type
Yes true... FR has to be changed into FreeRADUIS...

This was a tweak for my own config because of an old radius client complaining about too long attribute name... my bad
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Post by alxgomz »

@seebo

This doesn't tells much to me... is it at least related with the freeradius2 template?
If it is the only arguments you have to pass is the shared secret (for client authentication) and maybe udp port number (if your status server is not running at port 18120)

This should do the trick.
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Post by alxgomz »

Some more screenshots.
If someone could help me improve track installation problem, i'd be glad to write a clean howto.
Attachments
authentication requests graph
authentication requests graph
auth.png (53.7 KiB) Viewed 19776 times
accounting requests graph
accounting requests graph
acct.png (41.18 KiB) Viewed 19776 times
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Post by alxgomz »

updated version with FreeRadius-Statistics-Type instead of FR-Statistics-Type

See more recent posts for attachement.
Last edited by alxgomz on Mon Apr 26, 2010 8:32 pm, edited 1 time in total.
neteru
Posts: 37
Joined: Thu Oct 12, 2006 10:47 am

Post by neteru »

I updated the shell script slightly. On my system it was removing the newline, but not the tab that separated the individual attributes in the response. With that tab cacti was not recognizing the individual items and was not properly updating the rrd files.

This ensure there is a single space between the attributes and the graphs are now updated properly.
Attachments
radstatus.sh
(1.13 KiB) Downloaded 1373 times
alxgomz
Posts: 25
Joined: Fri Nov 14, 2008 9:20 pm

Post by alxgomz »

Thanks neteru for this update.
I tested it on my system and it doesn't seems to break anything. Then I updated my sccript too and wanna post a new tarball containing your update.
I also added the name of the statistics attribute as a variable, so that anyone can easily change it if needed (like I had to, see above).

P.S: please let me know if there is any problem for you with adding your script in the tarball.
See more recent posts for attachement.
Last edited by alxgomz on Mon Apr 26, 2010 8:32 pm, edited 1 time in total.
neteru
Posts: 37
Joined: Thu Oct 12, 2006 10:47 am

Post by neteru »

Fine with me. That's why I posted it back here. :)
misipino
Posts: 8
Joined: Wed Feb 17, 2010 6:41 am

Post by misipino »

Hi,

launching the script on the shell my output is:

[root@cacti scripts]# ./radstatus.sh auth 172.25.0.23 cacti

FreeRADIUS-Total-Access-Requests:4713 FreeRADIUS-Total-Access-Accepts:4719 FreeRADIUS-Total-Access-Rejects:0 FreeRADIUS-Total-Access-Challenges:0 FreeRADIUS-Total-Auth-Responses:4719 FreeRADIUS-Total-Auth-Duplicate-Requests:0 FreeRADIUS-Total-Auth-Malformed-Requests:0 FreeRADIUS-Total-Auth-Invalid-Requests:0 FreeRADIUS-Total-Auth-Dropped-Requests:0 FreeRADIUS-Total-Auth-Unknown-Types:0[root@cacti scripts]#

but in log there is:

04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[628] CMD: /var/www/html/cacti/scripts/radstatus.sh auth 172.25.0.23 cacti , output: U
04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[627] WARNING: Result from CMD not valid. Partial Result: U

There is anything to change in to radius server or client?

Thanks
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests