Freeradius 2 templates

alxgomz · Post by **alxgomz** » Mon Apr 26, 2010 7:47 pm

Hello,

I included corresponding data templates to the lastest archive below.
I don't know why I haven't done it earlier.... but whatever the reason was, it was a bad one.

Hopefully this should solve your problem!

misipino · Post by **misipino** » Tue Apr 27, 2010 6:01 am

misipino wrote:Hi,

launching the script on the shell my output is:

[root@cacti scripts]# ./radstatus.sh auth 172.25.0.23 cacti

FreeRADIUS-Total-Access-Requests:4713 FreeRADIUS-Total-Access-Accepts:4719 FreeRADIUS-Total-Access-Rejects:0 FreeRADIUS-Total-Access-Challenges:0 FreeRADIUS-Total-Auth-Responses:4719 FreeRADIUS-Total-Auth-Duplicate-Requests:0 FreeRADIUS-Total-Auth-Malformed-Requests:0 FreeRADIUS-Total-Auth-Invalid-Requests:0 FreeRADIUS-Total-Auth-Dropped-Requests:0 FreeRADIUS-Total-Auth-Unknown-Types:0[root@cacti scripts]#

but in log there is:

04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[628] CMD: /var/www/html/cacti/scripts/radstatus.sh auth 172.25.0.23 cacti , output: U
04/25/2010 04:05:21 AM - CMDPHP: Poller[0] Host[21] DS[627] WARNING: Result from CMD not valid. Partial Result: U

There is anything to change in to radius server or client?

Thanks

Two problem find and solved.
The file /usr/local/etc/raddb/dictionary must read from cactiuser (644)

In the script, the radclient path must be specified (/usr/local/bin)

echo -e "Message-Authenticator = $3\n$FR_STAT_ATTR_NAME = $QTYPE" |\
/usr/local/bin/radclient ${2}$UDP_PORT status $3 |\
sed '1d;s/\ =\ /:/' |\
tr -d '\n' |\
tr '\t' ' '

mamen · Post by **mamen** » Thu Jul 01, 2010 2:05 am

hi all!
Plz help me how to do it. i don't understand this note

Code: Select all

# This scripts allow you to send status-server packets
# to a radius server (which *MUST* support such packets... FreeRadius 2.x does!)
#
# YOU *MUST* configure your cacti server as a client for 
# a status listener in freeradius (using virtual server is a good idea)
#
# 	client cacti {
#		ipaddr = a.b.c.d
#		secret = is_a_secret
#		require-message-authenticator = no
#	}

tosage · Post by **tosage** » Wed Jul 28, 2010 5:12 am

@mamen

you must to declare your cacti server in the database of your freeradius, it's xritten in the first post of this thread.

So now i have a question, i have a message when i laucnh this command :

admtint@xxxxxx:/usr/share/cacti/site/scripts$ sudo ./radstatus.sh auth 1xx.xxx.xxx.xxx supervision
radclient:: expecting operator
admtint@xxxxxx:/usr/share/cacti/site/scripts$

When i notified the port (1812) i have this return :

radclient: Failed to find IP address for host 1xx.xxx.xxx.xxx

18120: Success

I have search on the web but i don't have found nothing about this, who can help me please

Thanks in advance

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 1:31 pm

If you want to use a specific port number (default is 18120 as in freeradius status-virtualserver example) you must pass the port number as the 4th argument of the cmdline instead of using a.b.c.d:port notation.

For the 'expected operator problem), please add "set -x at the beggining of radstatus.sh script in order to have more debug, and launch the cmd again.

tosage · Post by **tosage** » Wed Jul 28, 2010 1:55 pm

@alxgomz

tha ks for you answer so i ha e spÃ©cifies this port for see the symbole : which visible after the 18120 udp_port of the script.
I think the problem is here, in this : after the $UDP_PORT.
No?

Sorry for m'y english because it is so poor :/

Thanks

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 2:07 pm

@tosage

Sorry, not sure i understood you...
the cmdline should look like this:

Code: Select all

~$ ./radstatus.sh auth 1xx.xxx.xxx.xxx supervision 1812

please add the "set -x" at the beginning of the script and post the output here... it may help.

Thank you

tosage · Post by **tosage** » Wed Jul 28, 2010 2:23 pm

The -x debug info is for the radclient ?
So i must do this modification at the lign 45 :

radclient -x ${2}$UDP_PORT status $3 |\

No ?

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 2:46 pm

no, you have to add the line

Code: Select all

set -x

at the beginning of the file radstatus.sh (right after comments) and then

Code: Select all

./radstatus.sh auth 1xx.xxx.xxx.xxx supervision 1812

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 2:50 pm

@mamen

please see ${raddbdir}/sites-available/status (this file should be in all freeradius 2.x release)

tosage · Post by **tosage** » Wed Jul 28, 2010 3:15 pm

Here the result of the command with the set +x before the comments in the radstatus.sh

admtint@xxxxxxx:/usr/share/cacti/site/scripts$ sudo ./radstatus.sh auth 1xx.xxx.xxx.xxx supervision 1812
+ RADCLIENT=radclient
+ which /usr/bin/radclient
+ [ ! -x /usr/bin/radclient ]
+ [ -z 1812 ]
+ UDP_PORT=:1812
+ QTYPE=Authentication
+ echo -e Message-Authenticator = supervision\nFreeRADIUS-Statistics-Type = Authentication
+ tr \t
+ radclient -x 1xx.xxx.xxx.xxx:1812 status supervision
+ sed 1d;s/\ =\ /:/
+ tr -d \n
radclient:: expecting operator
admtint@xxxxxx:/usr/share/cacti/site/scripts$

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 3:41 pm

seems like there is something wrong with your radclient version.

can you try this:

Code: Select all

radclient -v

and

Code: Select all

echo -e 'Message-Authenticator = supervision\nFreeRADIUS-Statistics-Type = Authentication' | radclient -x 1xx.xxx.xxx.xxx:1812 status supervision

can you please paste here the config of your status virtualserver in freeradius2.

Thanks.

tosage · Post by **tosage** » Wed Jul 28, 2010 4:29 pm

admtint@xxxxxxx:/usr/share/cacti/site/scripts$ sudo radclient -v
radclient: $Id$ built on Sep 17 2009 at 17:22:14

I think the $Id$ isn't normal

Result of the echo -e xxxxx :

admtint@xxxxxxx:/usr/share/cacti/site/scripts$ sudo echo -e 'Message-Authenticator = supervision\nFreeRADIUS-Statistics-Type = Authentication' | radclient -x 1xx.xxx.xxx.xxx:1812 status supervision
Sending Status-Server of id 67 to xxx.xxx.xxxx.xxx port 1812
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Statistics-Type = Authentication
rad_recv: Access-Accept packet from host xxx.xxx.xxx.xxx port 1812, id=67, length=20

alxgomz · Post by **alxgomz** » Wed Jul 28, 2010 6:05 pm

The radius server sends you back an access accept whereas you sent a status request.
This is not normal and tends to proove that your status server is not properly configured (1812 is used for authentication, 1813 for accounting, and 1814 for proxying and 18120 can be used for status)

Please take a look at the comments at the beginning of the radstatus.sh script and/or ${raddbdir}/sites-availables/status in your freeradius installation.

If you can, please post the config of your status virtualserver

tosage · Post by **tosage** » Thu Jul 29, 2010 1:46 am

OK i go see this with the administrator of the radius server because i don't have rights on it.

I have try to launch the same command with the 18120 UDPport and i have this in result :

Sending Status-Server of id 246 to 1xx.xxx.xxx.xxx port 18120
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Statistics-Type = Authentication
Sending Status-Server of id 246 to 1xx.xxx.xxx.xxx port 18120
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Statistics-Type = Authentication
Sending Status-Server of id 246 to 1xx.xxx.xxx.xxx port 18120
Message-Authenticator = 0x00000000000000000000000000000000
FreeRADIUS-Statistics-Type = Authentication

I stop the result of this command via a CTRL+C

I look to my side and I'll let you know

Cacti

Freeradius 2 templates

Who is online