Get OpenNMS
Get Involved
Get to Know Us
From OpenNMS
As ever there are two parts to polling a service; service discovery and service polling (monitoring).
The Radius capsd plugin and poller monitor are tested with freeradius 1.0.
These notes are valid for OpenNMS version 1.3.x. This should work for 1.2.x as well, but you will need to change the class-name in capsd-configuration.xml to org.opennms.netmgt.capsd.RadiusAuthPlugin (just remove plugins from the package name).
Service Discovery
You'll need something like this in capsd-configuration.xml
<protocol-plugin protocol="RadiusAuth" class-name="org.opennms.netmgt.capsd.plugins.RadiusAuthPlugin" scan="on" user-defined="false">
<property key="retry" value="3"/>
<property key="authport" value="1812"/>
<property key="acctport" value="1813"/>
<property key="timeout" value="3000"/>
<property key="user" value="OpenNMS"/>
<property key="password" value="0penNM5"/>
<property key="secret" value="mysecret"/>
</protocol-plugin>
- authport - port to send radius auth request to (default 1812)
- acctport - port to send radius accounting request to (default 1813)- Note that the capsd plugin does not currently test radius accounting, but a port is required by the constructor form used by the plugin.
- authtype - chap/pap (default pap)
- timeout - in millisecond (default 5000)
- retry - number of retries (default 3)
- user - user (default "OpenNMS")
- password - password (default "OpenNMS")
- secret - this host's secret (default "secret")
Note that the plugin will detect the radius service if it receives an "accept", "challenge" or "reject" from the remote server. In common therefore, the plugin will detect the service if it gets a response that is a vaild radius datagram, regardless of whether authentication has successfully taken place. In fact you could probably remove all the defined properties from capds-configuration.xml and still have it discovered, though this has not been tested. You may not want a whole load of noise in your radius server logs though, and these properties are made available for that reason.
Service Polling
You'll need something like this in poller-configuration.xml
<service name="RadiusAuth" interval="300000" user-defined="false" status="on">
<parameter key="retry" value="3"/>
<parameter key="authport" value="1812"/>
<parameter key="acctport" value="1813"/>
<parameter key="timeout" value="3000"/>
<parameter key="user" value="OpenNMS"/>
<parameter key="password" value="0penNM5"/>
<parameter key="secret" value="mysecret"/>
<parameter key="rrd-repository" value="/opt/OpenNMS/share/rrd/response"/>
<parameter key="ds-name" value="radiusauth"/>
</service>
.
.
.
<monitor service="RadiusAuth" class-name="org.opennms.netmgt.poller.monitors.RadiusAuthMonitor"/>
The capsd takes the same parameters as the plugin takes properties, thus:
- authport - port to send radius auth request to (default 1812)
- acctport - port to send radius accounting request to (default 1813)- Note that the capsd plugin does not currently test radius accounting, but a port is required by the constructor form used by the plugin.
- authtype - chap/pap (default pap)
- timeout - in millisecond (default 5000)
- retry - number of retries (default 3)
- user - user (default "OpenNMS")
- password - password (default "OpenNMS")
- secret - this host's secret (default "secret")
It also takes the rrd-repository and ds-name parameters. If you omit those, then no response time data will be collected.
Unlike the capsd plugin, the poller monitor requires a vaild "accept" from the remote server. Any other response will result in the service being marked "down".
