------------
check_radius
------------

Is a hacked version of the Cistron Radiusd program radtest that acts as a 
module for Netsaint.  The vast majority of the code was written by some
unnamed human at Livingston Enterprises, and (I'm guessing) Miquel from
Cistron. 

The original source is contained in this tarball as radtest.c.  Cistron
Radius can be gotten at the following location:

http://www.miquels.cistron.nl/radius/ 

You may also be interested in http://www.freeradius.org, a project to
create a free radius library and implementation. :)

Anyway, on to check_radius!

------
Installation
------

Pretty simple.  Edit the makefile; pay close attention to the BINDIR line.
This should match the directory your Netsaint modules live in. 

Then run make; it will spew a bunch of stuff on the screen. Hopefully
not errors. :)

Run make install.  This will place the check_radius module in 
the BINDIR defined in the makefile.  It will also check for the presence
of an /etc/raddb/dictionary file (needed to decode the Radius packets). 
If it doesn't exist, it will create the directory (if needed) and put
a simple dictionary file in this directory.

Edit your hosts.cfg file, adding the following line:

command[check_radius]=/usr/local/netsaint/libexec/check_radius $ARG1$ $ARG2$ $HOSTADDRESS$ $ARG3$ $ARG4$

You can then call the module with the following services line:

service[host]=Radius;24x7;3;5;1;linux-admins;240;24x7;1;1;0;;check_radius!netsaint!password!1!radiussecret

------
Execution
------
The module takes the same arguments that cistron's radtest program takes.

Usage: ./check_radius username passwd servername nas_port_id secretkey [ppphint] [nasname]

So the above command line says test user netsaint with password password at
lenin's IP address, say you want port 1, and the secret is radiussecret.

The module returns an OK state if it verifies that username and password,
returning an Auth-OK packet.  If it denies the user, but reaches the
Radius server, it goes into a WARNING state.  If it cannot reach the
server at all, it will retry 10 times, then report a CRITICAL state.

Simple. :)

------
Problems
------
The Netsaint server that executes the plugin must be a Radius client. 
If it is not, the server will fail.  (That means, for Cistron, put
them in the users and naslist files)  

------
Warning
------
If this doesn't work, breaks radius, sends Netsaint into convulsions,
whatever; it's not my fault.  I make no garuntees whatsoever about 
the suitability of this software for any task, even the one it performs.

Also, the script knows what the radius port is by looking in /etc/services;
make sure it lists the right one, or it will always be critical.

If you have a problem, send email to adam@cybertrails.com

		Adam
