Freeradius 2 templates

[tosage]

Hey all,

my dba has corrected the problem of connection on freeradius, now this command function :

admtint@xxxxxxxxx:/usr/share/cacti/site/scripts$ sudo echo -e 'Message-Authenticator = supervision\nFreeRADIUS-Statistics-Type = Authentication' | radclient 1xx.xxx.xxx.xxx:18120 status supervision
Received response ID 60, code 2, length = 140
FreeRADIUS-Total-Access-Requests = 1825
FreeRADIUS-Total-Access-Accepts = 288
FreeRADIUS-Total-Access-Rejects = 26
FreeRADIUS-Total-Access-Challenges = 1517
FreeRADIUS-Total-Auth-Responses = 1831
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Auth-Unknown-Types = 0

So the sudo ./radstatus.sh auth 1xx.xxx.xxx.xxx supervision 18120 return a

radclient:: expecting operator

Result my graph is fix to nan value snifffff

[alxgomz]

hmhm...

Looking back to your post with the output of "set -x" (Wed Jul 28, 2010 10:15 am).
I seems like someone, somehow modified the radstatus.sh script (or you wrongly pasted the output).
Indeed, you have a tr' command right after the 'echo' command which 'tr' should be placed after the other 'tr' command.
Furthermore strings should be quoted in th 'tr' commands and and look not to be in your output...
Please download again the lastest (at time of writing) archive of the templates (Mon Apr 26, 2010 2:47 pm) and overide radstatus.sh.

Test again and if it fails please sends the output wit hset -x enabled.

Thanks

P.S: reguler output of the script (with set -x) should be:

Code: Select all

~$ ./radstatus.sh auth a.b.c.d supervision
+ RADCLIENT=radclient
+ FR_STAT_ATTR_NAME=FR-Statistics-Type
++ which radclient
+ '[' '!' -x /usr/bin/radclient ']'
+ '[' -z ']'
+ UDP_PORT=:18120
+ case $1 in
+ QTYPE=Authentication
+ echo -e 'Message-Authenticator = supervision\nFR-Statistics-Type = Authentication'
+ radclient a.b.c.d:18120 status supervision
+ sed '1d;s/\ =\ /:/'
+ tr -d '\n'
+ tr '\t' ' '
 FR-Total-Access-Requests:18395356 FR-Total-Access-Accepts:5775475 FR-Total-Access-Rejects:12645568 FR-Total-Access-Challenges:0 FR-Total-Auth-Responses:18421043 FR-Total-Auth-Duplicate-Requests:113 FR-Total-Auth-Malformed-Requests:0 FR-Total-Auth-Invalid-Requests:0 FR-Total-Auth-Dropped-Requests:113 FR-Total-Auth-Unknown-Types:0

[tosage]

This is my return of the command, like idem of my before post the 28th Julho :

admtint@xxxxxxxx:/usr/share/cacti/site/scripts$ sudo ./radstatus.sh auth 1xx.xx.xx.xx supervision
+ RADCLIENT=radclient
+ FR_STAT_ATTR_NAME=FreeRADIUS-Statistics-Type
+ which radclient
+ [ ! -x /usr/bin/radclient ]
+ [ -z ]
+ UDP_PORT=:18120
+ QTYPE=Authentication
+ echo -e Message-Authenticator = supervision\nFreeRADIUS-Statistics-Type = Authentication
+ radclient 1xx.xx.xx.xx:18120 status supervision
+ sed 1d;s/\ =\ /:/
+ tr -d \n
+ tr \t
radclient:: expecting operator

in the result i don't see the little quote, i don't know why

I'm under a Ubuntu Server 10.04

[alxgomz]

It might be related to the shell you use.
The script is tested which bash, but the interpreter specified in the script is /bin/sh because it's more general.

What shell are you using on your cacti server (or on the machine you test the script)?
If bash is installed you can specify the script to use bash instead of sh by modifying the first line of the script to make in point to the path where bash lives.

If you don't have bash installed you'll need to adjust the script to make in work with your shell.

[tosage]

I have do the modification copy the to the format radstatus and it work fine

had two problems though with your help they are fixed:

Incorrect declaration of the virtual-server for the cacti server in FreeRadius and command interpreter (bash works better now on a Debian like)
I hope this thread can help others.


Thanks a lot alxgomz for your help

Is the night here in France so i go to my bed

Bye

[alxgomz]

ok ben bonne nuit alors

[tosage]

Me dit pas que tu es Français ou parle très bien le français... lol

[lscrlstld]

Hi,

launching the script on the shell my output is:

[root@cacti scripts]# ./radstatus.sh auth 172.25.0.23 cacti

FreeRADIUS-Total-Access-Requests:4713 FreeRADIUS-Total-Access-Accepts:4719 FreeRADIUS-Total-Access-Rejects:0 FreeRADIUS-Total-Access-Challenges:0 FreeRADIUS-Total-Auth-Responses:4719 FreeRADIUS-Total-Auth-Duplicate-Requests:0 FreeRADIUS-Total-Auth-Malformed-Requests:0 FreeRADIUS-Total-Auth-Invalid-Requests:0 FreeRADIUS-Total-Auth-Dropped-Requests:0 FreeRADIUS-Total-Auth-Unknown-Types:0[root@cacti scripts]#

but in log there is:

04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[628] CMD: /var/www/html/cacti/scripts/radstatus.sh auth 172.25.0.23 cacti , output: U
04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[627] WARNING: Result from CMD not valid. Partial Result: U

There is anything to change in to radius server or client?

Thanks

Two problem find and solved.
The file /usr/local/etc/raddb/dictionary must read from cactiuser (644)

In the script, the radclient path must be specified (/usr/local/bin)

echo -e "Message-Authenticator = $3\n$FR_STAT_ATTR_NAME = $QTYPE" |\
/usr/local/bin/radclient ${2}$UDP_PORT status $3 |\
sed '1d;s/\ =\ /:/' |\
tr -d '\n' |\
tr '\t' ' '

I have the same problem: "08/17/2010 10:50:01 PM - CMDPHP: Poller[0] Host[2] DS[19] WARNING: Result from CMD not valid. Partial Result: U "

But the script run correctly... here
Script: /usr/local/share/cacti/scripts/radstatus.sh auth 127.0.0.1 adminsecret 18120
RRD: /usr/local/share/cacti/rra/radius_tds_auth_drop_19.rrd

# /usr/local/share/cacti/scripts/radstatus.sh acct 127.0.0.1 adminsecret 18120
FreeRADIUS-Total-Accounting-Requests:5 FreeRADIUS-Total-Accounting-Responses:5 FreeRADIUS-Total-Acct-Duplicate-Requests:0 FreeRADIUS-Total-Acct-Malformed-Requests:0 FreeRADIUS-Total-Acct-Invalid-Requests:0 FreeRADIUS-Total-Acct-Dropped-Requests:0 FreeRADIUS-Total-Acct-Unknown-Types:0#
# /usr/local/share/cacti/scripts/radstatus.sh auth 127.0.0.1 adminsecret 18120
FreeRADIUS-Total-Access-Requests:0 FreeRADIUS-Total-Access-Accepts:1 FreeRADIUS-Total-Access-Rejects:0 FreeRADIUS-Total-Access-Challenges:0 FreeRADIUS-Total-Auth-Responses:1 FreeRADIUS-Total-Auth-Duplicate-Requests:0 FreeRADIUS-Total-Auth-Malformed-Requests:0 FreeRADIUS-Total-Auth-Invalid-Requests:0 FreeRADIUS-Total-Auth-Dropped-Requests:0 FreeRADIUS-Total-Auth-Unknown-Types:0#

I made the changes and download the lasted version.

Have anyone some suggestion?

Thx

[alxgomz]

try running ths script as the same user that runs the cacti poller...
If it runs OK then I might be something wrong with the parameter you set in cacti...?

[lscrlstld]

try running ths script as the same user that runs the cacti poller...
If it runs OK then I might be something wrong with the parameter you set in cacti...?

The problem was no permission and no path, I correted it, and all OK now. Thank.

Another question: What is the two decimal values? for sample "Acct request: 366.86 m" ?

Is it some statistic calcule?

[alxgomz]

if you're talking about value displayed by cacti, it's the result cacti's math to report queries/s while getting numbers of queries from the scripts.
I guess it's because data source type is set to counter.

You can change this in the graph template using CDE functions like "make per 1 minute" or "make per 5 minutes" if your radius doesn't have "enough" incomming queries.

[blazted]

I am trying to set this up. Do you need to setup server-status module for Freeradius to get this to work?

[alxgomz]

Yes. It is mandatory.

[gilubilu]

I am trying to monitor the freeradius server by running a shell script (defined in previous posts) that sends the..

echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 3" | radclient 192.168.0.12:18120 status testing123

however when running the script I get the following

Code: Select all

which: no radclient in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
./radstatus.sh: line 46: radclient: command not found

do I need to have the radclient installed locally on the server running cacti or should it work without the radclient installed locally???

I was under the impression that cacti would somehow connect to the freeradius server and send the command there (to avoid the need for a local radclient)

thanks

[tosage]

Hello,

You need radiusclient package on the server that execute the radstatus.sh