RadiusAuthMonitor

This monitor lets you test the functionality of the RADIUS authentication system. The availability is tested by sending an AUTH packet to the RADIUS server. If a valid ACCEPT response is received, the RADIUS service is up and considered available. This monitor implements placeholder substitution in parameter values.

To use this monitor it is required to install the RADIUS protocol for Horizon.

For RPM-based distributions:

yum install opennms-plugin-protocol-radius

For Debian-based distributions:

apt-get install opennms-plugin-protocol-radius

The test is similar to test the behavior of a RADIUS server by evaluating the result with the command line tool radtest.

root@vagrant:~# radtest "John Doe" hello 127.0.0.1 1812 radiuspassword
Sending Access-Request of id 49 to 127.0.0.1 port 1812
	User-Name = "John Doe"
	User-Password = "hello"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 1812
	Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=49, length=37 (1)
	Reply-Message = "Hello, John Doe"

1	The `Access-Accept` message which is evaluated by the monitor.

Monitor Facts

Class Name

org.opennms.protocols.radius.monitor.RadiusAuthMonitor

Remote Enabled

false

Configuration and Use

Table 1. Monitor specific parameters for the RadiusAuthMonitor
Parameter	Description	Required	Default value	Placeholder substitution
`timeout`	Time in milliseconds to wait for the RADIUS service.	optional	`5000`	No
`retry`	This is a placeholder for the second optional monitor parameter description.	optional	`0`	No
`authport`	RADIUS authentication port.	optional	`1812`	No
`acctport`	RADIUS accounting port.	optional	`1813`	No
`user`	Username to test the authentication	optional	`OpenNMS`	Yes
`password`	Password to test the authentication	optional	`OpenNMS`	Yes
`secret`	The RADIUS shared secret used for communication between the client/NAS and the RADIUS server.	optional	`secret`	Yes
`authtype`	RADIUS authentication type. The following authentication types are supported: `chap`, `pap`, `mschapv1`, `mschapv2`, `eapmd5`, `eapmschapv2`, `eapttls`	optional	`pap`	No
`nasid`	The Network Access Server identifier originating the Access-Request.	optional	`opennms`	Yes
`inner-protocol`	When using EAP-TTLS authentication, this property indicates the tunnelled authentication type. Only `pap` is currently supported.	optional	`pap`	No
`inner-user`	Username for the tunnelled `pap` authentication when using EAP-TTLS.	optional	`Inner-OpenNMS`	Yes

This monitor implements the Common Configuration Parameters.

Examples

Example configuration how to configure the monitor in the poller-configuration.xml.

<service name="Radius-Authentication" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="3" />
  <parameter key="timeout" value="3000" />
  <parameter key="user" value="John Doe" />
  <parameter key="password" value="hello" />
  <parameter key="secret" value="radiuspassword" />
  <parameter key="rrd-repository" value="/var/lib/opennms/rrd/response" />
  <parameter key="ds-name" value="radiusauth" />
</service>

<monitor service="Radius-Authentication" class-name="org.opennms.protocols.radius.monitor.RadiusAuthMonitor" />