an intermittant PAP auth problem
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Nov 7 12:50:24 CET 2007
hi,
we use nagios to monitor our freeradius install. this is using
the adv_radius_check plugin to check from the nagios servers a
user on the freeradius server (in the users file), the following
are the succinct details
users file entry
nagios-user Huntgroup-Name == "nagios", Cleartext-Password := "password", Autz-Type := nagios-check
Reply-Message = "This server is active",
Fall-Through = No
huntgroup file
nagios Client-IP-Address == 127.0.0.1
nagios Client-IP-Address == 10.1.1.2
nagios Client-IP-Address == 10.1.1.3
sites-enabled/default auth entry
authorize {
Autz-Type nagios-check {
files
ok = return
}
}
okay. so the user authentication tests fine with radtest on the radius server....and it works fine
from the 2 nagios boxes...almost always. occasionally we see the following error come through during
the 5-minute interval tests.......
Wed Nov 7 11:21:40 2007 : Auth: Login OK: [nagios-user] (from client 10.1.1.2 port 0)
Wed Nov 7 11:26:40 2007 : Auth: Login incorrect: [nagios-user] (from client 10.1.1.2 port 0)
Wed Nov 7 11:29:40 2007 : Auth: Login OK: [nagios-user] (from client 10.1.1.2 port 0)
of course, when that 11:26:40 event occurred, nagios claims a problem with the RADIUS.
now, the check method is the same, the password is the same, the IP is the same, in essence
nothing changes at all between each 5-minute test (the last entry 11:29:40 is quicker
than a 5 minute interval as nagios catches up with failed events within a following window)
and this is just plain PAP check in users file.
so why is it occasionally failing? has anyone else seen this sort of activity?
alan
More information about the Freeradius-Users
mailing list