Hello community!
I am having an issue with the monitoring of Radius statistics via the application monitoring feature.
I have set up the snmp extend on Freeradius and have also added the appropriate script freeradius.sh.
When I test the script locally on my Radius server everything works as expected and I get the below results:
[root@radius01 snmp]# /etc/snmp/freeradius.sh
FreeRADIUS-Total-Access-Requests = 26825
FreeRADIUS-Total-Access-Accepts = 6966
FreeRADIUS-Total-Access-Rejects = 19873
FreeRADIUS-Total-Access-Challenges = 0
FreeRADIUS-Total-Auth-Responses = 26839
FreeRADIUS-Total-Auth-Duplicate-Requests = 1
FreeRADIUS-Total-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Auth-Dropped-Requests = 1
FreeRADIUS-Total-Auth-Unknown-Types = 0
FreeRADIUS-Total-Accounting-Requests = 2381117
FreeRADIUS-Total-Accounting-Responses = 2381075
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Acct-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Access-Requests = 0
FreeRADIUS-Total-Proxy-Access-Accepts = 0
FreeRADIUS-Total-Proxy-Access-Rejects = 0
FreeRADIUS-Total-Proxy-Access-Challenges = 0
FreeRADIUS-Total-Proxy-Auth-Responses = 0
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
FreeRADIUS-Queue-Len-Internal = 0
FreeRADIUS-Queue-Len-Proxy = 0
FreeRADIUS-Queue-Len-Auth = 0
FreeRADIUS-Queue-Len-Acct = 0
FreeRADIUS-Queue-Len-Detail = 0
[root@radius01 snmp]#
Which is exactly what I need, the problem is that when I try to call the script via snmp from my LibreNMS server I get the following error:
[root@nms ~]# snmpget -v2c -c xxxx y.y.y.y .1.3.6.1.4.1.8072.1.3.2.3.1.2.10.102.114.101.101.114.97.100.105.117.115
NET-SNMP-EXTEND-MIB::nsExtendOutputFull.“freeradius” = STRING: /etc/snmp/freeradius.sh: line 29: -x: command not found
invalid result from radclient status request, check server settings
[root@nms ~]#
I have examined the freeradius.sh file, and obviously there is something that is causing an issue with the following line:
RESULT=$(echo “$RADIUS_STATUS_CMD” | $BIN_RADCLIENT -x $RADIUS_SERVER:$RADIUS_PORT status $RADIUS_KEY)
What I can not understand is why the same exact script works fine when I run it locally on the radius server but it throws an error when being called via snmp?
Below is the full content of my freeradius.sh file:
#!/usr/bin/env bash
CONFIGFILE=/etc/snmp/freeradius.conf
# Set 0 for SNMP extend; set to 1 for Check_MK agent
AGENT=0
# Set FreeRADIUS status_server details
RADIUS_SERVER=‘localhost’
RADIUS_PORT=‘18121’
RADIUS_KEY=‘adminsecret’
if [ -f $CONFIGFILE ]; then
# Default radclient access request, shouldn’t need to be changed
RADIUS_STATUS_CMD=‘Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 31, Response-Packet-Type = Access-Accept’
# Paths for sed and radclient executables, should work if within PATH
BIN_SED="$(command -v sed)"
BIN_RADCLIENT="$(command -v radclient)"
if [ $AGENT -eq 1 ]; then
- echo “<<>>”*
fi
*RESULT=$(echo “$RADIUS_STATUS_CMD” | $BIN_RADCLIENT -x $RADIUS_SERVER:$RADIUS_PORT status $RADIUS_KEY) *
if [[ $RESULT != “Access-Accept” ]] ; then
-
# A valid result must contain the match string. Otherwise, verify:*
-
# - the FreeRADIUS 'status' virtual server is enabled and running*
-
# - the server, port or key match the 'status' server settings*
-
echo "invalid result from radclient status request, check server settings"*
-
exit 1*
fi
# Return only those AV pairs expected by the FreeRADIUS app, one per line
# Drop any leading or trailing whitespace
# They may be returned in any order
*echo “$RESULT” | $BIN_SED -n *
-
-e 's/\s*\(FreeRADIUS-Total-Access-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Access-Accepts = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Access-Rejects = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Access-Challenges = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Responses = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Duplicate-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Malformed-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Invalid-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Dropped-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Auth-Unknown-Types = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Accounting-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Accounting-Responses = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Acct-Duplicate-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Acct-Malformed-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Acct-Invalid-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Acct-Dropped-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Acct-Unknown-Types = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Proxy-Access-Requests = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Proxy-Access-Accepts = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Proxy-Access-Rejects = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Proxy-Access-Challenges = [0-9]*\)/\1/p' \*
-
-e 's/\s*\(FreeRADIUS-Total-Proxy-Auth-Responses = [0-9]*\)/\1/p' \*
-
[ Wrote 83 lines ]*
Any help would be much appreciated.