= Create a Service to test Eduroam Server Availability = Following guide will allow you to create a Icinga2 Director Service template to test eduroam freeradius installation by testing radius authentication connectivity from your monitoring server on Ubuntu 20.04. == Requirements == * Become root user. `sudo su` * Install eap test and rad eap test packages on your Icinga monitoring server. {{{ apt-get install git libssl-dev devscripts pkg-config libnl-3-dev libnl-genl-3-dev cd ~ git clone --depth 1 --no-single-branch https://github.com/FreeRADIUS/freeradius-server.git cd freeradius-server/scripts/ci/ ./eapol_test-build.sh cp ./eapol_test/eapol_test /usr/local/bin/ cd ~ mkdir rad_eap_test cd rad_eap_test wget https://raw.githubusercontent.com/CESNET/rad_eap_test/master/rad_eap_test chmod +x rad_eap_test cp rad_eap_test /usr/local/bin/ }}} * On your !FreeRadius Server, add the monitoring IP as an client on `/etc/freeradius/clients.conf` or `/etc/freeradius/3.0/clients.conf` and restart the freeradius service. {{{ client monitor_icinga { ipaddr = a.b.c.d secret = } }}} * Back on your Monitoring Server, Test user auth by `rad_eap_test -H -P 1812 -S -u -p -m WPA-EAP -e PEAP` [[br]]You should receive an `access-accept` * Next, download the monitoring plugin to icinga plugin directory ( we should use a script from REANNZ ) {{{ cd /usr/lib/nagios/plugins wget https://raw.githubusercontent.com/REANNZ/etcbd/master/environment/icinga/content/usr/local/lib/nagios/plugins/check_eduroam_login.pl chmod 755 check_eduroam_login.pl }}} == Director Configurations == You have to, * Create custom Plugin Check Command * Add required Arguments * Create custom field Category * Create custom fields * Create a Service Template * Create Host for the !FreeRadius Server * Create a Service and associate it with the created host === Create Custom Check Command === * Goto `Director` --> `Commands` --> `+Add` and create the Command `eduroam-eap` [[Image(create-eduroam-eap.png, 700px, nolink)]] * Goto `Arguments` tab of the `eduroam-eap` command and add following Arguments. ( Args marked in red arrows have to be created with special care ) [[Image(Args-eduroam-eap.png, 600px, nolink)]] Arguments marked in red have to be created as follows: * Argument `-C` [[Image(Args-eduroam-eap-c.png, 550px, nolink)]] * Argument `-d` [[Image(Args-eduroam-eap-d.png, 550px, nolink)]] * Argument `-v` [[Image(Args-eduroam-eap-v.png, 550px, nolink)]] * Argument `-I` [[Image(Args-eduroam-eap-I.png, 550px, nolink)]] * Argument `-O` [[Image(Args-eduroam-eap-O.png, 550px, nolink)]] * Finally, the command Preview should be similar to: {{{ object CheckCommand "eduroam-eap" { import "plugin-check-command" command = [ PluginDir + "/check_eduroam_login.pl" ] arguments += { "-2" = "MSCHAPV2" "-C" = { set_if = "$eduroam_request_cui$" } "-H" = "$address$" "-I" = { description = "NAS IP address" set_if = {{ return len(macro("$eduroam_nas_ip_address$")) >0 }} value = "$eduroam_nas_ip_address$" } "-O" = { description = "Eduroam Operator Name" set_if = {{ return len(macro("$eduroam_operator_name$")) >0 }} value = "$eduroam_operator_name$" } "-P" = "$eduroam_port$" "-d" = { set_if = {{ return macro("$eduroam_verbosity$") == 2 }} } "-e" = "PEAP" "-m" = "WPA-EAP" "-p" = "$eduroam_password$" "-s" = "$eduroam_secret$" "-u" = "$eduroam_user$" "-v" = { set_if = {{ return macro("$eduroam_verbosity$") == 1 }} } } } }}} * Deploy the changes. === Create Custom Fields === Since the new command `eduroam-eap` requires custom values as input arguments, we need to create them on `Director` * Create a Field Category. Go to `Icinga Director` --> `Data Field Categories` --> `+Add` [[Image(Data-cat.png, 450px, nolink)]] * Create Custom Data Fields. Go to `Icinga Director` --> `Data Fields` --> `+Add` and create all following fields. ||= Field Name =||= Caption =||= Data Field Category =||= Data type =|| || eduroam_request_cui || eduROAM Request CUI || eduROAM Specific Data || Boolean || || eduroam_user || eduROAM !UserName || eduROAM Specific Data || String / Visible || || eduroam_verbosity || eduROAM verbosity || eduROAM Specific Data || Boolean || || eduroam_operator_name || eduROAM Operator Name || eduROAM Specific Data || String / Visible || || eduroam_password || eduROAM User Password || eduROAM Specific Data || String / Hidden || || eduroam_port || Port || eduROAM Specific Data || Number || || eduroam_secret || Shared Secret || eduROAM Specific Data || String / Hidden || === Create Service Template === * Goto `Icinga Director` --> `Services` --> `Service Templates` --> `+Add` put the following details and click `Add` [[Image(eduroam-check-service-temp.png, 700px, nolink)]] * Goto `Fields` tab of the `Check Eduroam` template. Add following Fields. [[Image(eduroam-check-service-temp-fields.png, 600px, nolink)]] * Now go back to Service tab and add the following details. (Put your own value to the circled part) and click `Store` [[Image(eduroam-check-service-temp2.png, 700px, nolink)]] === Create Host === * Goto `Icinga Director` --> `Hosts` --> `Hosts` --> `+Add` and create a generic host with your !FreeRadius Server details. === Create Service === * Goto `Icinga Director` --> `Services` --> `Single Services` --> `+Add` put the appropriate details and click `Add` [[Image(eduroam-check-service.png, 700px, nolink)]] ( Shared Secret: Key used for freeradius pairing ) ( Paasword: Password for the eduroam test user ) * Then Deploy the settings.