Statistics tool?

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Jun 13 16:45:18 CEST 2007


Dennis Skinner wrote:
> Alan Dekok wrote:
>> Graham Beneke wrote:
>>> Does anyone know of any system that could be used to remotely monitor if
>>> a radius server is up?
>>   radclient?  Send the server a Status-Server request, and it should
>> respond.  See radiusd.conf for more.
>>
>>> Something along the lines of radtest and then you would add a nasclient
>>> line for each testing location and dummy users entry that can be queried
>>> by the test location.
>>   That's not needed.
> 
> Except I don't think that will test your db connection (if you have
> one).  If you use radclient to do a full auth test, you get a better
> idea as to the status of the entire service instead of just the daemon.
> 

Yes, pretty damn important.

It's worth checking the return codes of certain modules like rlm_sql and 
rlm_ldap and sometimes invoking another module on failure, like a 
secondary emergency users file with static accounts.. Just in case 
something goes horribly wrong with your SQL/LDAP server.

Here we use RADIUS for authenticating users on the administrative 
interface of our edge switches, as well as doing port access 
authentication on the edge ports.

During early testing our SQL server died, which meant no one could log 
into any of the switches on our residential network...

Although our switches fail over to local statically configured passwords 
if they can't reach a radius server.. the RADIUS server was up .. it 
just wasn't authorising any users :)


Actually ... it might be an idea to add another return path which drops 
the request and sends no reply, just to make the RADIUS server seem dead 
if any of it's critical dependencies fail.

Though I offer no patches ;)

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900



More information about the Freeradius-Users mailing list