freeradius 2.0 + snmp
Hello, have trouble with freeradius and snmp. Freeradius log in debug mode: ... SMUX connect try 1 SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 SMUX open progname: radiusd SMUX open password: x SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 At this point the radius down. Syslog: snmpd[3904]: refused smux peer: oid SNMPv2-SMI::enterprises.11344.1.1.1, descr radiusd CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Any ideas ? Thx. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.0 + snmp
Am Dienstag, 27. Januar 2009 13:27:11 schrieb Freeradius Mail List: Hello, have trouble with freeradius and snmp. Freeradius log in debug mode: ... SMUX connect try 1 SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 SMUX open progname: radiusd SMUX open password: x SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 At this point the radius down. Old style SNMP support (SMUX) did die. Please feel free to add AgentX support to FreeFRADIUS. For the time beeing: Use the virtual status server (see doc there) and start the snmp-proxy perl script. See scripts/snmp-proxy/README in the source dir for more info. Greetings, -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: mi...@multinet.de web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS and SNMP questions
Hi all, I have 2 questions regarding FreeRADIUS and SNMP: 1/ Is it possible to run 2 FreeRADIUS servers on the same box, with SNMP support activated? I understand it's possible, using distinct values for smux_password parameter. 2/ Connecting FreeRADIUS to Net-SNMP using SMUX is quite easy. Has anyone connected FreeRADIUS with BMC PAtrol agent using SMUX? Thanks for any answer Geoff. _ Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and SNMP questions
Geoffroy Arnoud wrote: 1/ Is it possible to run 2 FreeRADIUS servers on the same box, with SNMP support activated? I understand it's possible, using distinct values for smux_password parameter. I'm not sure. FreeRADIUS tries to grab the IETF RADIUS SNMP OID space. If there are two servers, they may conflict with their OID registration. Perhaps it would be useful to *also* export the IETF SNMP space under a configurable hierarchy? 2/ Connecting FreeRADIUS to Net-SNMP using SMUX is quite easy. Has anyone connected FreeRADIUS with BMC PAtrol agent using SMUX? Not me, sorry. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-1.1.3 + snmp...
Hi list, I have ubuntu 6.10 and i have set-up my freeradius-1.1.3 for peap-eap/mschapv2. I have got this packages for snmp : libsnmp9 , libsnmp9-dev , libsnmp-base , libsnmp-perl , libsnmp-session-perl , php5-snmp , snmp ,snmpd I have configured the radiusd.conf to support snmp and in snmp.conf i have set the community string to public as it is in snmpd.conf. However when i am running freeradius in debugging mode : radiusd -X , i get the following output and the freeradius does not start. Why is that happening ? When i configured the radiusd.conf without snmp everything works perfect. [EMAIL PROTECTED]:/usr/local/etc/raddb# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: snmp = yes main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: bind_address = 10.0.0.15 IP address [10.0.0.15] main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP mschap: use_mppe = no mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = yes mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = peap eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = (null) tls: pem_file_type = yes tls: private_key_file = /usr/local/etc/raddb/certs/server_keycert.pem tls: certificate_file = /usr/local/etc/raddb/certs/server_keycert.pem tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem tls: private_key_password = whatever tls: dh_file = /usr/local/etc/raddb/certs/dh tls: random_file = /usr/local/etc/raddb/certs/random tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = (null) tls: cipher_list = (null) tls: check_cert_issuer = (null) rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = mschapv2 peap: copy_request_to_tunnel = yes peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files files:
Re: freeradius-1.1.3 + snmp...
On Friday 12 January 2007 11:13, adreas Polyxronopoulos wrote: I have configured the radiusd.conf to support snmp and in snmp.conf i have set the community string to public as it is in snmpd.conf. In your snmpd.conf file, do you have a line that looks like the following? smuxpeer .1.3.6.1.4.1.3317.1.3.1 public Are there any errors in your log files that might indicate a problem with your snmpd config? However when i am running freeradius in debugging mode : radiusd -X , i get the following output and the freeradius does not start. Why is that happening ? When i configured the radiusd.conf without snmp everything works perfect. Does freeradius exit without error or do you press Ctrl-C to kill it? Kevin Bonner pgp7UST2LqcE9.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-1.1.3 + snmp...
Hi Kevin and thanks for your time, - In your snmpd.conf file, do you have a line that looks like the following? smuxpeer .1.3.6.1.4.1.3317.1.3.1 public + No i hadn't in my snmpd.conf a line like the follwing : smuxpeer .1.3.6.1.4.1.3317.1.3.1 public However when i add the line in my snmpd.conf at a random place in the file i got the same output. Do i have to write it in a specific place in the snmpd.conf ? - Are there any errors in your log files that might indicate a problem with your snmpd config? + I checked the radiusd.log but nothing useful. - Does freeradius exit without error or do you press Ctrl-C to kill it? + No my freeradius exits without error and i don't press Ctrl-C to kill it. Adreas Polyxronopoulos - Original Message From: Kevin Bonner [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Friday, 12 January, 2007 6:43:04 PM Subject: Re: freeradius-1.1.3 + snmp... On Friday 12 January 2007 11:13, adreas Polyxronopoulos wrote: I have configured the radiusd.conf to support snmp and in snmp.conf i have set the community string to public as it is in snmpd.conf. In your snmpd.conf file, do you have a line that looks like the following? smuxpeer .1.3.6.1.4.1.3317.1.3.1 public Are there any errors in your log files that might indicate a problem with your snmpd config? However when i am running freeradius in debugging mode : radiusd -X , i get the following output and the freeradius does not start. Why is that happening ? When i configured the radiusd.conf without snmp everything works perfect. Does freeradius exit without error or do you press Ctrl-C to kill it? Kevin Bonner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___ New Yahoo! Mail is the ultimate force in competitive emailing. Find out more at the Yahoo! Mail Championships. Plus: play games and win prizes. http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: monitoring freeradius with snmp
Title: RE: monitoring freeradius with snmp Ok - thanks I have noticed the following from the output from configure checking for asn1.h,snmp.h,snmp_impl.h... no how can I get configure to look at the directory with these header files in. I'm running Solaris 2.8 Thanks Regards Andy -Original Message- From: [EMAIL PROTECTED] on behalf of Alan DeKok Sent: Tue 9/5/2006 4:28 AM To: FreeRadius users mailing list Subject: Re: monitoring freeradius with snmp Andy Ford [EMAIL PROTECTED] wrote: Thanks for you suggestions. After running configure --with-snmp I noticed (following your notes below) that the '#define WITH_SNMP 1' was missing from autoconf.h. Because configure didn't find the SNMP libraries it needs. So I added the line manually in autoconf.h as ... Which won't work. I downloaded the latest version i.e. freeradius-1.1.2 I also have NET-SNMP version: 5.2.rc3 installed. The server *should* be able to work with net-snmp, especially if you have built net-snmp with ucd-snmp compatibility. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: monitoring freeradius with snmp
Hi, Ok - thanks I have noticed the following from the output from configure checking for asn1.h,snmp.h,snmp_impl.h... no how can I get configure to look at the directory with these header files in. ./configure --help note the CPPFLAGS option. why are your proper SNMP includes not in the compiler include PATH ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: monitoring freeradius with snmp
Hi Allan
Thanks for you suggestions.
After running configure --with-snmp I noticed (following your notes
below) that the '#define WITH_SNMP 1' was missing from autoconf.h.
So I added the line manually in autoconf.h as ...
/* Include SNMP subagent */
/* #undef WITH_SNMP */
#define WITH_SNMP 1
... and got a stream of error from 'make'.
Here is a small snippet of the errors.
-- make errors
make[4]: Entering directory `/tmp/freeradius-1.1.2/src/main'
/tmp/freeradius-1.1.2/libtool --mode=compile gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include
-DHO STINFO=\\ -DRADIUSD_VERSION=\1.1.2\ -c radius_snmp.c rm -f
.libs/radius_snmp.lo gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-Wall -D_GNU_SOURCE -DNDEBUG -I../include -DHOSTINFO=\\
-DRADIUSD_VERSION=\1.1.2\ -c radi
us_snmp.c-fPIC -DPIC -o .libs/radius_snmp.lo
In file included from radius_snmp.c:39:
../include/smux.h:60: error: parse error before oid
../include/smux.h:64: error: parse error before oid
../include/smux.h:94: error: parse error before oid
../include/smux.h:94: warning: no semicolon at end of struct or union
../include/smux.h:101: error: parse error before oid
../include/smux.h:101: warning: no semicolon at end of struct or union
../include/smux.h:115: error: parse error before '}' token
../include/smux.h:136: error: parse error before '[' token
--
Obviously I've completely buggered something up.
A little advice would be great.
I downloaded the latest version i.e. freeradius-1.1.2 I also have
NET-SNMP version: 5.2.rc3 installed.
I can see from the list you are a very busy person, so thanks for your
time.
I've attached the complete output from make, along with autoconf.h.
Regards
Andy
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
us.org] On Behalf Of Alan DeKok
Sent: 04 August 2006 18:16
To: FreeRadius users mailing list
Subject: Re: monitoring freeradius with snmp
Andy Ford [EMAIL PROTECTED] wrote:
1. compiled freeradius with the '--with-snmp' option
Did the configure process find the SNMP information it needed?
Does src/include/autoconf.h have a line like:
#define WITH_SNMP 1
?
2. modified the radiusd.conf file with
snmp = yes
$INCLUDE ${confdir}/snmp.conf
When the server starts, does it say anything about connecting to
SMUX peer?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
This e-mail is private and may be confidential and is for the intended
recipient only. If misdirected, please notify us by telephone and confirm that
it has been deleted from your system and any copies destroyed. If you are not
the intended recipient you are strictly prohibited from using, printing,
copying, distributing or disseminating this e-mail or any information contained
in it. We use reasonable endeavours to virus scan all e-mails leaving the
Company but no warranty is given that this e-mail and any attachments are virus
free. You should undertake your own virus checking. The right to monitor
e-mail communications through our network is reserved by us.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: monitoring freeradius with snmp
-snip- Obviously I've completely buggered something up. A little advice would be great. I downloaded the latest version i.e. freeradius-1.1.2 I also have NET-SNMP version: 5.2.rc3 installed. This may not make any difference to your problem, but my openSUSE boxes are currently running net-snmp 5.3.0.1 (Why run an old Release Candidate?) and the latest release of FreeRADIUS is 1.1.3 Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpxb9j21Oa10.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: monitoring freeradius with snmp
Andy Ford [EMAIL PROTECTED] wrote: Thanks for you suggestions. After running configure --with-snmp I noticed (following your notes below) that the '#define WITH_SNMP 1' was missing from autoconf.h. Because configure didn't find the SNMP libraries it needs. So I added the line manually in autoconf.h as ... Which won't work. I downloaded the latest version i.e. freeradius-1.1.2 I also have NET-SNMP version: 5.2.rc3 installed. The server *should* be able to work with net-snmp, especially if you have built net-snmp with ucd-snmp compatibility. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Am Freitag, 1. September 2006 00:16 schrieb Kevin Bonner: On Wednesday 30 August 2006 11:09, Michael Schwartzkopff wrote: Hi, thanks to that explanation. But my question was: Why I do get no answer if I do snmpwalk (...) localhost enterprises.3317 while walking mib-2.67 gives results? Michael. The ent.3317 OID is only used to establish the SMUX session with the SNMP daemon. It is never registered with snmpd, which is why you receive no results. -Kevin Thanks. That explains a lot. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 pgpMPSoUuEUvM.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
On Wednesday 30 August 2006 11:09, Michael Schwartzkopff wrote: Hi, thanks to that explanation. But my question was: Why I do get no answer if I do snmpwalk (...) localhost enterprises.3317 while walking mib-2.67 gives results? Michael. The ent.3317 OID is only used to establish the SMUX session with the SNMP daemon. It is never registered with snmpd, which is why you receive no results. -Kevin pgpEsIkqBW2xE.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Am Dienstag, 29. August 2006 22:35 schrieb Kevin Bonner: (...) The private enterprise number 3317 is assigned by IANA [1] to Port Community Rotterdam, which released the GNOME-SMI MIB module. The GNOME-SMI MIB is used in mibs/GNOME-PRODUCT-RADIUSD-MIB, and using that file you can obtain a full object name for the enterprises.3317.1.3.1 OID. It's only use right now is for the SMUX connection, but may also be needed if/when AgentX support is added. Kevin Bonner Hi, thanks to that explanation. But my question was: Why I do get no answer if I do snmpwalk (...) localhost enterprises.3317 while walking mib-2.67 gives results? Michael. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 pgpXBnIjRsI75.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and SNMP
Hi,
I have problems starting the SNMP part of FreeRADIUS.
Setup:
FR 1.0.4, SuSE 10.0
radiusd.conf:
snmp = yes
$INCLUDE ${confdir}/snmp.conf
snmp.conf:
smux_password = verysecret
Also my net-snmp is configured according to the docs. When I start both demons
snmpwalk does not give any answer in 1.3.6.1.4.1.3317. When I do a tcpdump on
interface lo (or eth0) port 199 I see no packets beeing exchanged. It seems
that FR does not even try to register the subagent.
Any hints? Should there be packets on the interface at all? What am I doing
wrong?
Thanks for any help.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
pgpGoavCoGuH7.pgp
Description: PGP signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Michael Schwartzkopff [EMAIL PROTECTED] wrote: Any hints? Should there be packets on the interface at all? What am I doing wrong? Run the server in debugging mode. It will tell you if it's doing SNMP. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Am Dienstag, 29. August 2006 11:18 schrieb Alan DeKok: Michael Schwartzkopff [EMAIL PROTECTED] wrote: Any hints? Should there be packets on the interface at all? What am I doing wrong? Run the server in debugging mode. It will tell you if it's doing SNMP. Alan DeKok. hi, the only reference to SNMP in the debug mode is the following line: Config: including file: /usr/local/etc/raddb/snmp.conf What should radiusd say, if snmp does work? -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 pgprActPL5rMy.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Michael Schwartzkopff [EMAIL PROTECTED] wrote: What should radiusd say, if snmp does work? It *should* print out that it's doing SNMP. If it doesn't, it's a bug. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
Am Dienstag, 29. August 2006 12:35 schrieb Alan DeKok: Michael Schwartzkopff [EMAIL PROTECTED] wrote: What should radiusd say, if snmp does work? It *should* print out that it's doing SNMP. If it doesn't, it's a bug. Alan DeKok. Hi, I recompiled the latest version (1.1.3) explicitly telling configure --with-snmp and everything seems to be ok. Debug output from radius: main: smux_password = verysecret main: snmp_write_access = yes SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: verysecret SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 2 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 2 Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. SMUX read start SMUX read len: 12 SMUX message received type: 67 rest len: 4 SMUX_RRSP SMUX_RRSP value: 0 errstat: 0 --- Walking the entire request list --- and logfile from net-snmp tell something meaningful: [smux_accept] accepted fd 11 from 127.0.0.1:47423 accepted smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Now: snmpwalk (...) mib-2.67 gives good results, but snmpwalk (...) enterprises.3317 gives nothing. Reading the MIBs in mibs/ there are only the descriptions of mib-2.67, nothing about 3317. Is this OK or am I missing something? Michael. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 pgp7E6KciVOC8.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and SNMP
On Tuesday 29 August 2006 07:25, Michael Schwartzkopff wrote: I recompiled the latest version (1.1.3) explicitly telling configure --with-snmp and everything seems to be ok. Debug output from radius: Looks like everything should work fine based on the output. Now: snmpwalk (...) mib-2.67 gives good results, but snmpwalk (...) enterprises.3317 gives nothing. Reading the MIBs in mibs/ there are only the descriptions of mib-2.67, nothing about 3317. Is this OK or am I missing something? mib-2.67 is what you care about. You can load the mib files from the mibs/ directory to see useful names, or read the chart files to see what each OID value represents. The private enterprise number 3317 is assigned by IANA [1] to Port Community Rotterdam, which released the GNOME-SMI MIB module. The GNOME-SMI MIB is used in mibs/GNOME-PRODUCT-RADIUSD-MIB, and using that file you can obtain a full object name for the enterprises.3317.1.3.1 OID. It's only use right now is for the SMUX connection, but may also be needed if/when AgentX support is added. Kevin Bonner [1] http://www.iana.org/assignments/enterprise-numbers pgpQsPZyshDsS.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
monitoring freeradius with snmp
Hi,
I have a requirement to monitor freeradius with snmp.
According to the freeradius web site and other sources I've done the
following...
1. compiled freeradius with the '--with-snmp' option
2. modified the freeradius snmp.conf file to include
smux_password = verysecret
2. modified the radiusd.conf file with
snmp = yes
$INCLUDE ${confdir}/snmp.conf
3. modified the net-snmp snmpd.conf file to include
smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret
4. started the radiusd and snmpd daemons.
When I do an 'snmpwalk -v1 -c public localhost system' I get the
'system' info from the MIB (as expected).
When I walk enterprises.3317 I get nothing.
I didn't actually expect to get much as I have a huge gap in my
knowledge which is the smux. I'm not sure how it works or how I
implement it successfully.
Has anyone implemented an smux or monitoring freeradius with snmp.
If you have, It would be great if you would impart with any knowledge
you may have so I can sort this out.
Thanks for your time
Regards
Andy
--
perl -e print qq^bIG VeRN ! ^^qq^#'#Yv#=D+ ^
This e-mail is private and may be confidential and is for the intended
recipient only. If misdirected, please notify us by telephone and confirm that
it has been deleted from your system and any copies destroyed. If you are not
the intended recipient you are strictly prohibited from using, printing,
copying, distributing or disseminating this e-mail or any information contained
in it. We use reasonable endeavours to virus scan all e-mails leaving the
Company but no warranty is given that this e-mail and any attachments are virus
free. You should undertake your own virus checking. The right to monitor
e-mail communications through our network is reserved by us.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: monitoring freeradius with snmp
Andy Ford [EMAIL PROTECTED] wrote:
1. compiled freeradius with the '--with-snmp' option
Did the configure process find the SNMP information it needed?
Does src/include/autoconf.h have a line like:
#define WITH_SNMP 1
?
2. modified the radiusd.conf file with
snmp = yes
$INCLUDE ${confdir}/snmp.conf
When the server starts, does it say anything about connecting to
SMUX peer?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: monitoring freeradius with snmp
On Friday 04 August 2006 09:59, Andy Ford wrote: 4. started the radiusd and snmpd daemons. Sounds good so far. When you run in debug mode, does the SMUX registration work properly? You should see something similar to this: SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: somesecretpass SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 When I walk enterprises.3317 I get nothing. The mibs directory has loadable files so that you can use pretty names (radiusAuthServIdent) instead of OIDs in your queries. If you're just looking for confirmation that FR+SNMP is working, you can run: $ snmpwalk -v1 -c public localhost mib-2.67.1.1.1.1.1.0 RADIUS-AUTH-SERVER-MIB::radiusAuthServIdent.0 = STRING: FreeRADIUS Version 1.1.2, for host , built on Jul 6 2006 at 12:59:53 Kevin Bonner pgpzU6PQm5KJc.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and SNMP
DESETech - German P. Santillan [EMAIL PROTECTED] wrote: But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317 Run the server in debugging mode as suggested in the README, FAQ, INSTALL, and daily on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and SNMP
On Wednesday 12 April 2006 10:48, DESETech - German P. Santillan wrote: But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317 The OIDs you want to query are: radiusAuthServ 1.3.6.1.2.1.67.1.1.1.1.* (or mib-2.67.1.1.1.1.*) radiusAccServ 1.3.6.1.2.1.67.2.1.1.1.* (or mib-2.67.2.1.1.1.*) Loading the MIBS from the mibs/ directory in the FR source will allow you to query the actual names instead of OIDs. Kevin Bonner pgpy0cSSrJGE3.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius restart snmp
Hello Is there any way to restart freeradius 1.0.4 using SNMP ? Regards Reza - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius restart snmp
Reza Toghraee [EMAIL PROTECTED] wrote: Is there any way to restart freeradius 1.0.4 using SNMP ? Yes. See the RADIUS MIBs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compiling freeradius with snmp-support
Hi, I'm using freeradius 0.9.3 on Suse 9.1 I authorize my users with mysql. My AccessPoint is a Cisco 350. How do I change the configuration of my precompiled freeradius on suse 9.1 after the installation. Freeradius was installed by default with no snmp-support. Is there any way to do this, or do i have to reinstall and/or update to 1.0? Thanks a lot winmail.dat
Re: Compiling freeradius with snmp-support
Tobias Amon [EMAIL PROTECTED] wrote: How do I change the configuration of my precompiled freeradius on suse 9.1 after the installation. Freeradius was installed by default with no snmp-support. Is there any way to do this, or do i have to reinstall and/or update to 1.0? You have to re-install. You can still use 0.9.3, but I suggest you try upgrading. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
