Create a Service to test Eduroam Server Availability
Following guide will allow you to create a Icinga2 Director Service template to test eduroam freeradius installation by testing radius authentication connectivity from your monitoring server on Ubuntu 20.04.
Requirements
- Become root user.
sudo su
- Install eap test and rad eap test packages on your Icinga monitoring server.
apt-get install git libssl-dev devscripts pkg-config libnl-3-dev libnl-genl-3-dev cd ~ git clone --depth 1 --no-single-branch https://github.com/FreeRADIUS/freeradius-server.git cd freeradius-server/scripts/ci/ ./eapol_test-build.sh cp ./eapol_test/eapol_test /usr/local/bin/ cd ~ mkdir rad_eap_test cd rad_eap_test wget https://raw.githubusercontent.com/CESNET/rad_eap_test/master/rad_eap_test chmod +x rad_eap_test cp rad_eap_test /usr/local/bin/
- On your FreeRadius Server, add the monitoring IP as an client on
/etc/freeradius/clients.confor/etc/freeradius/3.0/clients.confand restart the freeradius service.
client monitor_icinga {
ipaddr = a.b.c.d
secret = <Shared_Secret>
}
- Back on your Monitoring Server,
Test user auth by
rad_eap_test -H <Freeradius_server_IP> -P 1812 -S <Shared_Secret> -u <username@YOUR-DOMAIN> -p <user_pass> -m WPA-EAP -e PEAP
You should receive anaccess-accept
- Next, download the monitoring plugin to icinga plugin directory ( we should use a script from REANNZ )
cd /usr/lib/nagios/plugins wget https://raw.githubusercontent.com/REANNZ/etcbd/master/environment/icinga/content/usr/local/lib/nagios/plugins/check_eduroam_login.pl chmod 755 check_eduroam_login.pl
Director Configurations
You have to,
- Create custom Plugin Check Command
- Add required Arguments
- Create custom field Category
- Create custom fields
- Create a Service Template
- Create Host for the FreeRadius Server
- Create a Service and associate it with the created host
Create Custom Check Command
- Goto
Director-->Commands-->+Addand create the Commandeduroam-eap
- Goto
Argumentstab of theeduroam-eapcommand and add following Arguments. ( Args marked in red arrows have to be created with special care )
Arguments marked in red have to be created as follows:
- Argument
-C
- Argument
-d
- Argument
-v
- Argument
-I
- Argument
-O
- Finally, the command Preview should be similar to:
object CheckCommand "eduroam-eap" {
import "plugin-check-command"
command = [ PluginDir + "/check_eduroam_login.pl" ]
arguments += {
"-2" = "MSCHAPV2"
"-C" = {
set_if = "$eduroam_request_cui$"
}
"-H" = "$address$"
"-I" = {
description = "NAS IP address"
set_if = {{
return len(macro("$eduroam_nas_ip_address$")) >0
}}
value = "$eduroam_nas_ip_address$"
}
"-O" = {
description = "Eduroam Operator Name"
set_if = {{
return len(macro("$eduroam_operator_name$")) >0
}}
value = "$eduroam_operator_name$"
}
"-P" = "$eduroam_port$"
"-d" = {
set_if = {{
return macro("$eduroam_verbosity$") == 2
}}
}
"-e" = "PEAP"
"-m" = "WPA-EAP"
"-p" = "$eduroam_password$"
"-s" = "$eduroam_secret$"
"-u" = "$eduroam_user$"
"-v" = {
set_if = {{
return macro("$eduroam_verbosity$") == 1
}}
}
}
}
- Deploy the changes.
Create Custom Fields
Since the new command eduroam-eap requires custom values as input arguments, we need to create them on Director
- Create a Field Category.
Go to
Icinga Director-->Data Field Categories-->+Add
- Create Custom Data Fields.
Go to
Icinga Director-->Data Fields-->+Addand create all following fields.
Field Name Caption Data Field Category Data type eduroam_request_cui eduROAM Request CUI eduROAM Specific Data Boolean eduroam_user eduROAM UserName eduROAM Specific Data String / Visible eduroam_verbosity eduROAM verbosity eduROAM Specific Data Boolean eduroam_operator_name eduROAM Operator Name eduROAM Specific Data String / Visible eduroam_password eduROAM User Password eduROAM Specific Data String / Hidden eduroam_port Port eduROAM Specific Data Number eduroam_secret Shared Secret eduROAM Specific Data String / Hidden
Create Service Template
- Goto
Icinga Director-->Services-->Service Templates-->+Addput the following details and clickAdd
- Goto
Fieldstab of theCheck Eduroamtemplate. Add following Fields.
- Now go back to Service tab and add the following details. (Put your own value to the circled part) and click
Store
Create Host
- Goto
Icinga Director-->Hosts-->Hosts-->+Addand create a generic host with your FreeRadius Server details.
Create Service
- Goto
Icinga Director-->Services-->Single Services-->+Addput the appropriate details and clickAdd
( Shared Secret: Key used for freeradius pairing )
( Paasword: Password for the eduroam test user )
- Then Deploy the settings.
Last modified
3 years ago
Last modified on May 31, 2021, 5:08:54 PM
Attachments (12)
- Args-eduroam-eap-c.png (71.6 KB ) - added by 3 years ago.
- Args-eduroam-eap.png (69.5 KB ) - added by 3 years ago.
- create-eduroam-eap.png (62.1 KB ) - added by 3 years ago.
- Args-eduroam-eap-O.png (89.5 KB ) - added by 3 years ago.
- Args-eduroam-eap-I.png (85.7 KB ) - added by 3 years ago.
- Args-eduroam-eap-v.png (76.4 KB ) - added by 3 years ago.
- Args-eduroam-eap-d.png (76.8 KB ) - added by 3 years ago.
- Data-cat.png (38.3 KB ) - added by 3 years ago.
- eduroam-check-service.png (108.2 KB ) - added by 3 years ago.
- eduroam-check-service-temp2.png (91.5 KB ) - added by 3 years ago.
- eduroam-check-service-temp-fields.png (50.6 KB ) - added by 3 years ago.
- eduroam-check-service-temp.png (122.3 KB ) - added by 3 years ago.
Download all attachments as: .zip
Note:
See TracWiki
for help on using the wiki.
