SNMP apparently not working with FreeRadius 1.0.1 and above on Centos 4.2

klkbranch at hotmail.com klkbranch at hotmail.com
Wed Jan 25 17:50:11 CET 2006 

Hi,

I am new to this list, though I've been using FreeRadius 0.9.3 for a few
years now.  My present
goal is to get a newer version of FreeRadius (running on Centos 4.2) to
work with snmp. 
Though I have carefully followed the snmp setup instructions as
documented in radiusd.conf and
snmp.conf, I have yet to get radiusd to attempt SMUX initialization
(from output of radiusd -X).
Net-snmp is already working (stock Centos rpm net-snmp-5.1.2-11.EL4.6). 
I have tried
the stock Centos freeradius rpm (freeradius-1.0.1-3.RHEL4.i386.rpm).  I
have also tried
tarball installs of freeradius 1.0.1, 1.0.2, 1.0.5, and 1.1.0, with the
"--with-snmp" option, with
no success.  Nothing results in any SMUX-related output from radiusd -X.

After reading this thread,
  
http://lists.freeradius.org/mailman/htdig/freeradius-users/2005-April/042864.html
it appeared I needed some kind of patch.

Near the end of that thread, Kevin Bonner gave this solution:

You're using Net-SNMP in RHAS4.  FreeRADIUS 1.0.2 doesn't have the net-snmp
compatibility fix.  You can find the patch at
http://lists.freeradius.org/archives/freeradius-users/2004/10/frm00210.html
Apply that patch, rebuild, and it should work.

Unfortunately this  link is now broken.  However, after some more
digging it appeared Kevin was
probably referring to:
    freeradius-0.9.3-net-snmp.patch
which I was able to download from another source.

I was able to successfully apply this patch to FreeRadius 1.0.1, 1.0.2,
1.0.5, and 1.1.0, and the
subsequent compiles were successful, but still radiusd -X makes no
references to SMUX and
snmp queries for freeradius OIDs fail as before.  I'm at my wit's end
about what to try next, and
would sincerely appreciate any light you all might be able to shed on
this issue.

My /usr/local/etc/radiusd.conf file contains
    snmp    = yes
    $INCLUDE  ${confdir}/snmp.conf

My /usr/local/etc/snmp.conf file contains
    smux_password = verysecret

My /etc/snmp/snmpd.conf file contains
    rocommunity public
    smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret

But every time I run this on the server
    snmpwalk -v2c -cpublic 127.0.0.1 .1.3.6.1.2.1.67
I get this result
    SNMPv2-SMI::mib-2.67 = No Such Object available on this agent at
this OID

Here is an example of the output I get from radiusd -X  (when using
1.0.5 in this case):

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.


Thanks in advace for your assistance,
Kevin Branch

More information about the Freeradius-Users mailing list