Skip to main content

Radius Service

Overview​

The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that allows centralized authentification.

The Centreon Monitoring Connector Radius Service aims to collect the status and response time of a RADIUS server login.

Pack assets​

Monitored objects​

  • RADIUS server

Collected metrics & status​

Metric nameDescriptionUnit
statusLogin status
radius.response.time.secondsLogin response timeseconds

Prerequisites​

For this Monitoring Connector you will need :

  • A RADIUS server
  • An username and password used for authentication
  • The RADIUS server secret

Setup​

  1. Install the Centreon package on every Centreon poller expected to monitor RADIUS ressources:
yum install centreon-plugin-Applications-Protocol-Radius
  1. On the Centreon Web interface, install the Radius Service Centreon Monitoring Connector on the Configuration > Monitoring Connector Manager page

Configuration​

Host​

  • Log into Centreon and add a new Host through "Configuration > Hosts".
  • Fill the "Name", "Alias" & "IP Address / DNS" fields according to your RADIUS Server settings
  • Select the Applications-Protocol-Radius-custom template to apply to the Host
  • Once the template applied, some Macros marked as 'Mandatory' hereafter have to be configured.
MandatoryNameDescription
XRADIUSUSERNAMERADIUS server username
XRADIUSPASSWORDRADIUS server password
XRADIUSADDRRADIUS server address
XRADIUSSECRETRADIUS server shared secret
EXTRAOPTIONSAny extra option you may want to add to every command_line (eg. a --verbose flag)

How to check in the CLI that the configuration is OK and what are the main options for ?​

Once the plugin installed, log into your Centreon Poller CLI using the centreon-engine user account and test the Plugin by running the following command:

/usr/lib/centreon/plugins//centreon_protocol_radius.pl  \
--plugin=apps::protocols::radius::plugin \
--mode=login \
--hostname= \
--secret='' \
--username='' \
--password='' \
--warning-status='' \
--critical-status='%{status} ne "accepted"' \
--warning-time='2' \
--critical-time='3' \
--use-new-perfdata

Expected command output is shown below:

OK : Radius Access Request Status: accepted | 'radius.response.time.seconds'=1s;0:2;0:3;; 

This command would trigger a WARNING alarm if the login response time is reported as over 2 seconds (--warning-time='2') and a CRITICAL alarm over 3 seconds (--critical-time='3') or if the login status if different than "accepted".

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins//centreon_protocol_radius.pl  \
--plugin=apps::protocols::radius::plugin \
--mode=login \
--help

All available options for a given mode can be displayed by adding the --list-mode parameter to the command:

/usr/lib/centreon/plugins//centreon_protocol_radius.pl  \
--plugin=apps::protocols::radius::plugin \
--list-mode

Troubleshooting​

UNKNOWN: Login endpoint returns error code 'Auth_TIMEOUT' ​

If you get this message, you're probably facing one of theses issues:

  • Your RADIUS server isn't started
  • An external device is blocking your request (firewall, ...)

UNKNOWN: Login endpoint returns error code 'Bad Response from server' ​

This error means the secret used to authenticate the RADIUS server is wrong.