freeradius2 cacti template installation

Few years ago, I had to work on deploying a RADIUS architecture based on freeradius. Working on this very interesting project, made me contribute my first patches, together with some Cacti templates. Those templates are apparently used by some folks around as I receive, every now and then, questions on how to install or “WTF is this error? And so on and so forth. So, in order to make it easier to use (although it’s not exactly what one would call a headache), Here is a little guide for configuration.
This is honestly no different from installing any cacti plugin…
The topic of this article being the freeradius2 plugin and not Cacti installation, I will assume you have a working spiky monitoring tool.

Archive download.

You can first download the archive here. In it you’ll find:

radstatus.sh: the bash script used to extract data.
cacti_host_template_freeradius_server.xml: the host template
components: A folder containing each template of each component. This is only useful if you plan not to use a some templates and don’t want to install them.
cacti_data_template_freeradius_acct_status.xml: data template for accounting statistics.
cacti_data_template_freeradius_auth_status.xml: data template for authentication statistics.
cacti_graph_template_freeradius_acct.xml: graph template to render accounting data.
cacti_graph_template_freeradius_auth.xml: graph template to render authentication data.

Dependancies

As Freeradius 2 doesn’t provide any SNMP interface anymore, none of those templates depends on another SNMP templates (nor any other).
On the other end, the bash script uses the radclient binary file. On Debian based distros, you would require the freeradius-utils package. Apart from that, you’ll need sed, but I bet you have it installed somewhere already.

Preparing the radius server

Since freeradius 2.0, server statistics are available using specific radius queries called “status”. In order to allow Cacti to send such queries to the RADIUS server, the later have to be setup to listen for status queries and define the monitoring server as a client.
If you’re using Debian, there is even a file you can use as a template: /etc/freeradius/sites-available/status. just edit it and link it to /etc/freeradius/sites-enabled/. In this file, make sure the server listens on an interface Cacti can reach, and define it as a client.Eventually, your file should look like what’s bellow:

server status { listen { type = status ipaddr = 0.0.0.0 port = 18121 } client admin { ipaddr = 2.3.4.5 secret = changeme require-message-authenticator = no } authorize { ok Autz-Type Status-Server { ok } } }

Installation

the script

The file radstatus.sh must be copied on the Cacti server, in the directory <path_cacti>/scripts (Debian packages installs cacti in /usr/share/cacti/site).

the templates

Template installation must be done in the admin console, so login to Cacti as admin.
In the admin console, go to the “Import Templates” menu, and click “Browse” in the form to select the host template (cacti_host_template_freeradius_server.xml). Click “Import”, and if everything went OK you should witness the screen bellow:

Configuration

You can now create a new host using the “freeradius server” template. From the “Devices” menu, click on “Add”, and fill in the form as shown bellow (Here I have disabled host detection and SNMP for the sake of simplicity, but obviously you can use it safely):

Finally, head to the freshly created host and in the upper right corner click on “Create Graphs for this Host”.
Tick every freeradius template and then click “Create”. Fill in the form with the values for “secret” and “port” we defined in the freeradius status server:

You’re done, just wait for graphs to be drawn.

Posted

22 September 2013

network, sysadmin

Alexandre Chapellon

Tags:

Comments

13 responses to “freeradius2 cacti template installation”

Micheal Hobday

6 March 2014

Hello,
I have tried to download the archive but the file is missing. I was wondering if you could provide a new link to it.

Regards

Micheal

Reply
1. Alexandre Chapellon
  
  6 March 2014
  
  Sorry I just updated the link. It work by now.
  Thanks for pointing that!
  
  Reply
raw

16 April 2014

Your link to the archive does not work..
not able to download it.. could you fix the link pls 🙂

Reply
raw

16 April 2014

Your link to the archive does not work..
not able to download it.. could you fix the link pls 🙂

edit:
since I am not french, I got to the english translated site, and there the link wont work.
on the other hand the french one works prefectly..
maybe you should update the link to the english translation too 🙂

Reply
1. Alexandre Chapellon
  
  16 April 2014
  
  Well spotted! fixed. thank you for letting me know!
  
  Reply
Markus

29 October 2014

the script doesn’t work for me: I’m using freeradius 3 and on freebsd 10.
./radstatus.sh acct localhost adminsecret 18121
(0) Can’t determine expected response to Status-Server request, specify a well known RADIUS port, or add a Response-Packet-Type attribute to the request of filter

Also think the port number is wrong in the script. in your script it is 18120 but radius is using 18121.

however i tried run radclient with the same args as in the script. but didn’t work. it seems like you need to add.
Response-Packet-Type = Access-Accept. But still no output unless you run radclient -x (debug mode)
However now i think the script has to much output and mess the data up.

Reply
1. Alexandre Chapellon
  
  6 November 2014
  
  Hi Markus,
  
  Sorry for the late reply. I have never tested this script with freeradus3, and i wrote explicitly for freeradius2 as the SNMP module of freeradius1 has been removed from freeradius2. It seems like there were some changes in radclient and freeradius in version 3. I was trying to re-write the plugin using python but the current pyrad library doesn’t support Status-Server packets. I’ll look further in writing something more robust but I am not sure when. Sorry…
  
  Reply
Kenneth

27 March 2015

Hi Dude,

The templates seems from the new version, do you have server template for version Version 0.8.7c or any workaround on how to import it without upgrading Cacti…

Thanks in advance

Regards
Ken

Reply
1. Alexandre Chapellon
  
  29 March 2015
  
  I never tried on this version of cacti. Which error do you encounter?
  
  Reply
Kenneth

30 March 2015

Hi Dude,

Thanks for replying back… I am getting “Error: XML: Generated with a newer version of Cacti.” error.

Any workaround ?

Cheers

Ken

Reply
1. Alexandre Chapellon
  
  19 April 2015
  
  Not that I know of. According to the thread bellow, the template have to be re-created for older version….
  Sorry but I won’t have time to do it unless I can stop time.
  http://forums.cacti.net/post-28880.html
  
  BTW… there must be some securirty issues with 0.8.7c. You should consider upgrading.
  
  Reply
Nadir

9 April 2015

Hi Dude,

I cant integrate your plugin to my existing cacti server. I got empty result error. But.

04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadI:0’ [map threadI->threadI]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadG:0’ [map threadG->threadG]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadL:0’ [map threadL->threadL]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadC:0’ [map threadC->threadC]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadD:0’ [map threadD->threadD]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadK:0’ [map threadK->threadK]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadW:1’ [map threadW->threadW]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadR:0’ [map threadR->threadR]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘threadS:0’ [map threadS->threadS]
04/10/2015 01:18:36 AM – POLLER: Poller[0] Parsed MULTI output field ‘thread_W:17’ [map thread_W->thread_W]
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] TH[1] DS[3868] SCRIPT: /usr/local/share/cacti/scripts/radstatus.sh auth 1.2.3.4 secret123 18120, output: U
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] ERROR: Empty result [1.2.3.4]: ‘/usr/local/share/cacti/scripts/radstatus.sh auth 1.2.3.4 secret123 18120’
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] DEBUG: The NIFTY POPEN returned the following File Descriptor 10
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] TH[1] DS[3867] SCRIPT: /usr/local/share/cacti/scripts/radstatus.sh acct 1.2.3.4 secret123 18120, output: U
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] ERROR: Empty result [1.2.3.4]: ‘/usr/local/share/cacti/scripts/radstatus.sh acct 1.2.3.4 secret123 18120’
04/10/2015 01:18:36 AM – SPINE: Poller[0] Host[73] DEBUG: The NIFTY POPEN returned the following File Descriptor 10

/usr/local/share/cacti/scripts/radstatus.sh auth 1.2.3.4 secret 18120
FreeRADIUS-Total-Access-Requests:752320 FreeRADIUS-Total-Access-Accepts:34894 FreeRADIUS-Total-Access-Rejects:717311 FreeRADIUS-Total-Access-Challenges:0 FreeRADIUS-Total-Auth-Responses:752205 FreeRADIUS-Total-Auth-Duplicate-Requests:0 FreeRADIUS-Total-Auth-Malformed-Requests:0 FreeRADIUS-Total-Auth-Invalid-Requests:0 FreeRADIUS-Total-Auth-Dropped-Requests:0 FreeRADIUS-Total-Auth-Unknown-Types:0

Reply
1. Alexandre Chapellon
  
  19 April 2015
  
  Is spine the C written poller for cacti?
  I never tried that plugin with this poller… I think it shouldn’t be a problem but… you never know.
  Which version of cacti are you using?
  
  EDIT: I just found this thread which can give you clues: http://forums.cacti.net/post-69755.html
  Maybe try setting the full path to the script in your data input method. Also clear the poller cache.
  
  Reply