RadiusAuthMonitor

This monitor allows to test the functionality of the RADIUS authentication system. The availability is tested by sending an AUTH packet to the RADIUS server. If a valid ACCEPT response is received, the RADIUS service is up and considered as available.

To use this monitor it is required to install the RADIUS protocol for OpenNMS HORIZON.
{apt-get,yum} install {opennms-package-base-name}-plugin-protocol-radius

The test is similar to test the behavior of a RADIUS server by evaluating the result with the command line tool radtest.

root@vagrant:~# radtest "John Doe" hello 127.0.0.1 1812 radiuspassword
Sending Access-Request of id 49 to 127.0.0.1 port 1812
        User-Name = "John Doe"
        User-Password = "hello"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=49, length=37 (1)
        Reply-Message = "Hello, John Doe"
1 The Access-Accept message which is evaluated by the monitor.
Monitor facts

Class Name

org.opennms.protocols.radius.monitor.RadiusAuthMonitor

Remote Enabled

false

Configuration and Usage
Table 1. Monitor specific parameters for the RadiusAuthMonitor
Parameter Description Required Default value

timeout

Time in milliseconds to wait for the RADIUS service.

optional

5000

retry

This is a placeholder for the second optional monitor parameter description.

optional

0

authport

RADIUS authentication port.

optional

1812

acctport

RADIUS accounting port.

optional

1813

user

Username to test the authentication

optional

OpenNMS

password

Password to test the authentication

optional

OpenNMS

secret

The RADIUS shared secret used for communication between the client/NAS and the RADIUS server.

optional

secret

authtype

RADIUS authentication type. The following authentication types are supported: chap, pap, mschapv1, mschapv2, eapmd5, eapmschapv2

optional

pap

nasid

The Network Access Server identifier originating the Access-Request.

optional

opennms

Examples

Example configuration how to configure the monitor in the poller-configuration.xml.

<service name="Radius-Authentication" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="3" />
  <parameter key="timeout" value="3000" />
  <parameter key="user" value="John Doe" />
  <parameter key="password" value="hello" />
  <parameter key="secret" value="radiuspassword" />
  <parameter key="rrd-repository" value="/var/lib/opennms/rrd/response" />
  <parameter key="ds-name" value="radiusauth" />
</service>

<monitor service="Radius-Authentication" class-name="org.opennms.protocols.radius.monitor.RadiusAuthMonitor" />