diff --git a/README.md b/README.md
index 9209cf4aca73434dbe4fed878d996a1102c59651..5df5a6cf1ce01141f41739cf01874af56329d461 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[PACKAGE]: ../../raw/master/packagee-0.1.2-20230706.mkp "package-0.1.2-20230706.mkp"
+[PACKAGE]: ../../raw/master/mkp/check_radius-0.0.1-20240421.mkp "check_radius-0.0.1-20240421.mkp"
# Title
A short description about the plugin
diff --git a/mkp/check_radius-0.0.1-20240421.mkp b/mkp/check_radius-0.0.1-20240421.mkp
new file mode 100644
index 0000000000000000000000000000000000000000..af3d90c0c5fe60838831d11bca1d6c24e26a01dc
Binary files /dev/null and b/mkp/check_radius-0.0.1-20240421.mkp differ
diff --git a/source/checkman/.gitkeep b/source/checkman/.gitkeep
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/source/checkman/check_radius b/source/checkman/check_radius
deleted file mode 100644
index 08ef898bcf6eb7a7979de60090d54f9719bbbc5b..0000000000000000000000000000000000000000
--- a/source/checkman/check_radius
+++ /dev/null
@@ -1,45 +0,0 @@
-title: Dummy check man page - used as template for new check manuals
-agents: linux, windows, aix, solaris, hpux, vms, freebsd, snmp
-catalog: see modules/catalog.py for possible values
-license: GPL
-distribution: check_mk
-description:
- Describe here: (1) what the check actually does, (2) under which
- circumstances it goes warning/critical, (3) which devices are supported
- by the check, (4) if the check requires a separated plugin or
- tool or separate configuration on the target host.
-
-item:
- Describe the syntax and meaning of the check's item here. Provide all
- information one needs if coding a manual check with {checks +=} in {main.mk}.
- Give an example. If the check uses {None} as sole item,
- then leave out this section.
-
-examples:
- # Give examples for configuration in {main.mk} here. If the check has
- # configuration variable, then give example for them here.
-
- # set default levels to 40 and 60 percent:
- foo_default_values = (40, 60)
-
- # another configuration variable here:
- inventory_foo_filter = [ "superfoo", "superfoo2" ]
-
-perfdata:
- Describe precisely the number and meaning of performance variables
- the check sends. If it outputs no performance data, then leave out this
- section.
-
-inventory:
- Describe how the inventory for the check works. Which items
- will it find? Describe the influence of check specific
- configuration parameters to the inventory.
-
-[parameters]
-foofirst(int): describe the first parameter here (if parameters are grouped
- as tuple)
-fooother(string): describe another parameter here.
-
-[configuration]
-foo_default_levels(int, int): Describe global configuration variable of
- foo here. Important: also tell the user how they are preset.
diff --git a/source/checks/check_radius b/source/checks/check_radius
new file mode 100644
index 0000000000000000000000000000000000000000..eaa316ccf62ee5d8b362af8f23c6e1108a317835
--- /dev/null
+++ b/source/checks/check_radius
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2024-04-21
+# File : checks/check_radius
+#
+
+
+def check_radius_arguments(params):
+ args = []
+
+ if server := params.get('server'):
+ args.extend(['-H', server])
+ else:
+ args.append('-H $HOSTADDRESS$')
+
+ if auth_port := params.get("auth_port"):
+ args.extend(['--authport', auth_port])
+
+ if secret := params.get("secret"):
+ args.extend(["--secret", passwordstore_get_cmdline("%s", secret)])
+
+ if user_name := params.get("user_name"):
+ args.extend([f'--username', user_name])
+
+ if user_password := params.get("user_password"):
+ args.extend(["--password", passwordstore_get_cmdline("%s", user_password)])
+
+ if timeout := params.get('timeout'):
+ args.extend(['-timeout', timeout])
+
+ return args
+
+
+def _check_description(params):
+ if 'description' in params:
+ return f'RADIUS server {params["description"]}'
+
+ return 'RADIUS server'
+
+
+active_check_info['radius'] = {
+ 'command_line': 'check_radius $ARG1$',
+ 'argument_function': check_radius_arguments,
+ 'service_description': _check_description,
+ 'has_perfdata': True,
+}
diff --git a/source/gui/metrics/check_radius.py b/source/gui/metrics/check_radius.py
new file mode 100644
index 0000000000000000000000000000000000000000..5c8cff2d37eb286eab8a4daaa3e67c47783a8052
--- /dev/null
+++ b/source/gui/metrics/check_radius.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2024-04-21
+# File : metrics/check_radius.py
+#
+#
+
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics.utils import (
+ metric_info,
+ graph_info,
+ perfometer_info
+)
+
+metric_info['radius_request_time'] = {
+ 'title': _('Request time'),
+ 'unit': 's',
+ 'color': '#9a52bf',
+}
+
+graph_info['check_radius_time'] = {
+ 'title': _('RADIUS request time'),
+ 'metrics': [
+ ('radius_request_time', 'area'),
+ ],
+ 'scalars': [
+ ('radius_request_time:crit', _('Crit')),
+ ('radius_request_time:warn', _('Warn')),
+ ],
+}
+
+perfometer_info.append({
+ 'type': 'logarithmic',
+ 'metric': 'radius_request_time',
+ 'half_value': 1.0,
+ 'exponent': 10.0,
+})
diff --git a/source/gui/wato/check_parameters/check_radius.py b/source/gui/wato/check_parameters/check_radius.py
new file mode 100644
index 0000000000000000000000000000000000000000..d38398d35ae7d0a57649ebea1663a574716f9ca7
--- /dev/null
+++ b/source/gui/wato/check_parameters/check_radius.py
@@ -0,0 +1,102 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2022-10-04
+# File : wato/active_checks_radius.py
+#
+# 2024-01-01: modified for cmk 2.2.x
+
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ Integer,
+ TextAscii,
+ Transform,
+)
+
+from cmk.gui.plugins.wato.active_checks.common import RulespecGroupActiveChecks
+from cmk.gui.plugins.wato.utils import HostRulespec, rulespec_registry, IndividualOrStoredPassword
+
+
+def _valuespec_active_checks_radius():
+ return Transform(
+ Dictionary(
+ title=_('Check RADIUS service'),
+ help=_(''),
+ elements=[
+ ('description',
+ TextAscii(
+ title=_('Service description'),
+ help=_(
+ 'Must be unique for every host. The service description starts always with \"RADIUS server\".'),
+ size=50,
+ placeholder='Item name for the service',
+ allow_empty=False,
+ )),
+ ('server',
+ TextAscii(
+ title=_('Server IP-address or name'),
+ help=_(
+ 'Hostname or IP-address to monitor. Default is the host name/IP-Address of the monitored host.'
+ ),
+ size=50,
+ allow_empty=False,
+ )),
+ ('auth_port',
+ Integer(
+ title=_('RADIUS authentication port'),
+ help=_('The RADIUS port to use for authentication. Default is 1812.'),
+ # size=5,
+ default_value=1812,
+ minvalue=1,
+ maxvalue=65535,
+ )),
+ ('secret',
+ IndividualOrStoredPassword(
+ title=_('Server secret'),
+ help=_('The RADIUS secret.'),
+ # size=50,
+ allow_empty=False,
+ )),
+ ('timeout',
+ Integer(
+ title=_('Server timeout'),
+ help=_('The user password.'),
+ default_value=2,
+ minvalue=1,
+ maxvalue=30,
+ )),
+ ('user_name',
+ TextAscii(
+ title=_('User name'),
+ help=_('The user name to use in the request.'),
+ size=50,
+ placeholder='user name to use in the request',
+ allow_empty=False,
+ )),
+ ('user_password',
+ IndividualOrStoredPassword(
+ title=_('User password'),
+ help=_('The user password.'),
+ # size=50,
+ allow_empty=False
+ )),
+ ],
+ required_keys=['secret']
+ ),
+ )
+
+
+rulespec_registry.register(
+ HostRulespec(
+ group=RulespecGroupActiveChecks,
+ match_type='all',
+ name='active_checks:radius',
+ valuespec=_valuespec_active_checks_radius,
+ )
+)
diff --git a/source/lib/nagios/plugins/check_radius b/source/lib/nagios/plugins/check_radius
new file mode 100755
index 0000000000000000000000000000000000000000..4680980d163fb9c979abae40296bfc20a073f5d7
--- /dev/null
+++ b/source/lib/nagios/plugins/check_radius
@@ -0,0 +1,142 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2024-04-21
+# File : active_checks_radius.py
+#
+# Active check to monitor radius servers.
+#
+# https://github.com/pyradius/pyrad
+#
+import socket
+
+from typing import Sequence
+import sys
+from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter, Namespace, ArgumentTypeError
+from time import time_ns
+from os import environ
+
+import cmk.utils.password_store
+
+no_radiuslib = False
+try:
+ from pyrad.client import Client as rad_client
+ from pyrad.dictionary import Dictionary as rad_dictionary
+ import pyrad.packet
+except ModuleNotFoundError:
+ no_radiuslib = True
+
+
+def parse_arguments(argv: Sequence[str]) -> Namespace:
+ parser = ArgumentParser(
+ formatter_class=ArgumentDefaultsHelpFormatter,
+ epilog=''
+ )
+ parser.add_argument(
+ '-H', '--host', required=True,
+ help='Host/IP-Address of RADIUS server to query (required)')
+ parser.add_argument(
+ '--secret', required=True,
+ help='secret RADIUS key')
+ parser.add_argument(
+ '--username', default='dummyuser',
+ help='user name to test with')
+ parser.add_argument(
+ '--password', default='dummyuser',
+ help='user password to test with')
+ parser.add_argument(
+ '--authport', type=int, default=1812,
+ help='RADIUS authentication port to use.')
+ parser.add_argument(
+ '--timeout', type=int, default=1,
+ help='RADIUS server timeout.')
+
+ args = parser.parse_args(argv)
+ args.host = args.host.strip(' ')
+ return args
+
+
+def main(args=None):
+ if args is None:
+ args = sys.argv[1:] # without the path/plugin itself
+
+ args = parse_arguments(args)
+
+ if no_radiuslib:
+ sys.stdout.write(
+ 'To use this check plugin you need to install the python pyrad lib in your CMK python environment.\n'
+ )
+ sys.exit(3)
+
+ omd_root = environ["OMD_ROOT"]
+ info_text = ''
+ long_output = ''
+ perf_data = ''
+ status = 0
+
+ rad_server = rad_client(
+ server=args.host,
+ authport=args.authport,
+ secret=args.secret.encode('utf-8'),
+ dict=rad_dictionary(f'{omd_root}/local/lib/nagios/plugins/dictionary'),
+ timeout=args.timeout,
+ )
+
+ rad_req = rad_server.CreateAuthPacket(
+ code=pyrad.packet.AccessRequest,
+ User_Name=args.username,
+ NAS_Identifier=args.host,
+ )
+ rad_req["User-Password"] = rad_req.PwCrypt(args.password)
+ before_request_time = time_ns()
+ try:
+ response = rad_server.SendPacket(rad_req)
+ except pyrad.client.Timeout as e:
+ status = 2
+ info_text = 'Radius request timeout'
+ long_output += f'\nRadius request timeout.\n{e}'
+ except socket.error as e:
+ status = 2
+ info_text = 'Network error'
+ long_output += f'\nNetwork error\n{e}'
+ else:
+ request_time = (time_ns() - before_request_time) / 1000 / 1000 / 1000 # -> ns to seconds
+ match response.code:
+ case pyrad.packet.AccessAccept:
+ info_text += 'Response: access accept'
+ long_output += '\nResponse: access accept'
+ long_output += f'\nResponse code: {response.code}'
+ if response.has_key:
+ long_output += f'\nNumber of attributes in response: {len(response.keys())}'
+ long_output += f'\n\nResponse attributes:'
+ for key in response.keys():
+ long_output += f'\n{key}: {response.get(key)}'
+ else:
+ long_output += f'\nNo attributes in response: {len(response.keys())}'
+ case pyrad.packet.AccessReject:
+ info_text += 'Response: access reject'
+ long_output += '\nResponse: access reject'
+ long_output += f'\nResponse code: {response.code}'
+ case _:
+ info_text += f'Response: code unknown'
+ long_output += f'\nResponse: code unknown'
+ long_output += f'\nResponse code: {response.code}'
+ status = 3
+
+ perf_data += f'radius_request_time={request_time}'
+
+ info_text = info_text.strip(',').strip(' ')
+ sys.stdout.write(f'{info_text}\n{long_output} | {perf_data}\n')
+
+ return status
+
+
+if __name__ == '__main__':
+ cmk.utils.password_store.replace_passwords()
+ exitcode = main()
+ sys.exit(exitcode)
diff --git a/source/lib/nagios/plugins/dictionary b/source/lib/nagios/plugins/dictionary
new file mode 100644
index 0000000000000000000000000000000000000000..30fb5281c4db8ff587c5f44350b61b171baae5c7
--- /dev/null
+++ b/source/lib/nagios/plugins/dictionary
@@ -0,0 +1,446 @@
+#
+# Version $Id: dictionary,v 1.1.1.1 2002/10/11 12:25:39 wichert Exp $
+#
+# for free radius dictionaries see: /usr/share/freeradius
+#
+# This file contains dictionary translations for parsing
+# requests and generating responses. All transactions are
+# composed of Attribute/Value Pairs. The value of each attribute
+# is specified as one of 4 data types. Valid data types are:
+#
+# string - 0-253 octets
+# ipaddr - 4 octets in network byte order
+# integer - 32 bit value in big endian order (high byte first)
+# date - 32 bit value in big endian order - seconds since
+# 00:00:00 GMT, Jan. 1, 1970
+#
+# FreeRADIUS includes extended data types which are not defined
+# in RFC 2865 or RFC 2866. These data types are:
+#
+# abinary - Ascend's binary filter format.
+# octets - raw octets, printed and input as hex strings.
+# e.g.: 0x123456789abcdef
+#
+#
+# Enumerated values are stored in the user file with dictionary
+# VALUE translations for easy administration.
+#
+# Example:
+#
+# ATTRIBUTE VALUE
+# --------------- -----
+# Framed-Protocol = PPP
+# 7 = 1 (integer encoding)
+#
+
+#
+# Include compatibility dictionary for older users file. Move this
+# directive to the end of the file if you want to see the old names
+# in the logfiles too.
+#
+#$INCLUDE dictionary.compat # compability issues
+#$INCLUDE dictionary.acc
+#$INCLUDE dictionary.ascend
+#$INCLUDE dictionary.bay
+#$INCLUDE dictionary.cisco
+#$INCLUDE dictionary.livingston
+#$INCLUDE dictionary.microsoft
+#$INCLUDE dictionary.quintum
+#$INCLUDE dictionary.redback
+#$INCLUDE dictionary.shasta
+#$INCLUDE dictionary.shiva
+#$INCLUDE dictionary.tunnel
+#$INCLUDE dictionary.usr
+#$INCLUDE dictionary.versanet
+#$INCLUDE dictionary.erx
+$INCLUDE dictionary.freeradius
+#$INCLUDE dictionary.alcatel
+
+#
+# Following are the proper new names. Use these.
+#
+ATTRIBUTE User-Name 1 string
+ATTRIBUTE User-Password 2 string
+ATTRIBUTE CHAP-Password 3 octets
+ATTRIBUTE NAS-IP-Address 4 ipaddr
+ATTRIBUTE NAS-Port 5 integer
+ATTRIBUTE Service-Type 6 integer
+ATTRIBUTE Framed-Protocol 7 integer
+ATTRIBUTE Framed-IP-Address 8 ipaddr
+ATTRIBUTE Framed-IP-Netmask 9 ipaddr
+ATTRIBUTE Framed-Routing 10 integer
+ATTRIBUTE Filter-Id 11 string
+ATTRIBUTE Framed-MTU 12 integer
+ATTRIBUTE Framed-Compression 13 integer
+ATTRIBUTE Login-IP-Host 14 ipaddr
+ATTRIBUTE Login-Service 15 integer
+ATTRIBUTE Login-TCP-Port 16 integer
+ATTRIBUTE Reply-Message 18 string
+ATTRIBUTE Callback-Number 19 string
+ATTRIBUTE Callback-Id 20 string
+ATTRIBUTE Framed-Route 22 string
+ATTRIBUTE Framed-IPX-Network 23 ipaddr
+ATTRIBUTE State 24 octets
+ATTRIBUTE Class 25 octets
+ATTRIBUTE Vendor-Specific 26 octets
+ATTRIBUTE Session-Timeout 27 integer
+ATTRIBUTE Idle-Timeout 28 integer
+ATTRIBUTE Termination-Action 29 integer
+ATTRIBUTE Called-Station-Id 30 string
+ATTRIBUTE Calling-Station-Id 31 string
+ATTRIBUTE NAS-Identifier 32 string
+ATTRIBUTE Proxy-State 33 octets
+ATTRIBUTE Login-LAT-Service 34 string
+ATTRIBUTE Login-LAT-Node 35 string
+ATTRIBUTE Login-LAT-Group 36 octets
+ATTRIBUTE Framed-AppleTalk-Link 37 integer
+ATTRIBUTE Framed-AppleTalk-Network 38 integer
+ATTRIBUTE Framed-AppleTalk-Zone 39 string
+
+ATTRIBUTE Acct-Status-Type 40 integer
+ATTRIBUTE Acct-Delay-Time 41 integer
+ATTRIBUTE Acct-Input-Octets 42 integer
+ATTRIBUTE Acct-Output-Octets 43 integer
+ATTRIBUTE Acct-Session-Id 44 string
+ATTRIBUTE Acct-Authentic 45 integer
+ATTRIBUTE Acct-Session-Time 46 integer
+ATTRIBUTE Acct-Input-Packets 47 integer
+ATTRIBUTE Acct-Output-Packets 48 integer
+ATTRIBUTE Acct-Terminate-Cause 49 integer
+ATTRIBUTE Acct-Multi-Session-Id 50 string
+ATTRIBUTE Acct-Link-Count 51 integer
+ATTRIBUTE Acct-Input-Gigawords 52 integer
+ATTRIBUTE Acct-Output-Gigawords 53 integer
+ATTRIBUTE Event-Timestamp 55 date
+
+ATTRIBUTE CHAP-Challenge 60 string
+ATTRIBUTE NAS-Port-Type 61 integer
+ATTRIBUTE Port-Limit 62 integer
+ATTRIBUTE Login-LAT-Port 63 integer
+ATTRIBUTE Tunnel-Type 64 integer
+ATTRIBUTE Tunnel-Medium-Type 65 integer
+ATTRIBUTE Tunnel-Client-Endpoint 66 string
+ATTRIBUTE Tunnel-Server-Endpoint 67 string
+ATTRIBUTE Acct-Tunnel-Connection 68 string
+ATTRIBUTE Tunnel-Password 69 string
+
+ATTRIBUTE ARAP-Password 70 string
+ATTRIBUTE ARAP-Features 71 string
+ATTRIBUTE ARAP-Zone-Access 72 integer
+ATTRIBUTE ARAP-Security 73 integer
+ATTRIBUTE ARAP-Security-Data 74 string
+ATTRIBUTE Password-Retry 75 integer
+ATTRIBUTE Prompt 76 integer
+ATTRIBUTE Connect-Info 77 string
+ATTRIBUTE Configuration-Token 78 string
+ATTRIBUTE EAP-Message 79 string
+ATTRIBUTE Message-Authenticator 80 octets
+ATTRIBUTE Tunnel-Private-Group-Id 81 string
+ATTRIBUTE Tunnel-Assignment-Id 82 string
+ATTRIBUTE Tunnel-Preference 83 integer
+ATTRIBUTE ARAP-Challenge-Response 84 string # 10 octets
+ATTRIBUTE Acct-Interim-Interval 85 integer
+ATTRIBUTE NAS-Port-Id 87 string
+ATTRIBUTE Framed-Pool 88 string
+ATTRIBUTE NAS-IPv6-Address 95 octets # really IPv6
+ATTRIBUTE Framed-Interface-Id 96 octets # 8 octets
+ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix # stupid format
+ATTRIBUTE Login-IPv6-Host 98 octets # really IPv6
+ATTRIBUTE Framed-IPv6-Route 99 string
+ATTRIBUTE Framed-IPv6-Pool 100 string
+ATTRIBUTE Delegated-IPv6-Prefix 123 ipv6prefix
+
+
+ATTRIBUTE Digest-Response 206 string
+ATTRIBUTE Digest-Attributes 207 octets # stupid format
+
+#
+# Experimental Non Protocol Attributes used by Cistron-Radiusd
+#
+
+# These attributes CAN go in the reply item list.
+ATTRIBUTE Fall-Through 500 integer
+ATTRIBUTE Exec-Program 502 string
+ATTRIBUTE Exec-Program-Wait 503 string
+
+# These attributes CANNOT go in the reply item list.
+ATTRIBUTE User-Category 1029 string
+ATTRIBUTE Group-Name 1030 string
+ATTRIBUTE Huntgroup-Name 1031 string
+ATTRIBUTE Simultaneous-Use 1034 integer
+ATTRIBUTE Strip-User-Name 1035 integer
+ATTRIBUTE Hint 1040 string
+ATTRIBUTE Pam-Auth 1041 string
+ATTRIBUTE Login-Time 1042 string
+ATTRIBUTE Stripped-User-Name 1043 string
+ATTRIBUTE Current-Time 1044 string
+ATTRIBUTE Realm 1045 string
+ATTRIBUTE No-Such-Attribute 1046 string
+ATTRIBUTE Packet-Type 1047 integer
+ATTRIBUTE Proxy-To-Realm 1048 string
+ATTRIBUTE Replicate-To-Realm 1049 string
+ATTRIBUTE Acct-Session-Start-Time 1050 date
+ATTRIBUTE Acct-Unique-Session-Id 1051 string
+ATTRIBUTE Client-IP-Address 1052 ipaddr
+ATTRIBUTE Ldap-UserDn 1053 string
+ATTRIBUTE NS-MTA-MD5-Password 1054 string
+ATTRIBUTE SQL-User-Name 1055 string
+ATTRIBUTE LM-Password 1057 octets
+ATTRIBUTE NT-Password 1058 octets
+ATTRIBUTE SMB-Account-CTRL 1059 integer
+ATTRIBUTE SMB-Account-CTRL-TEXT 1061 string
+ATTRIBUTE User-Profile 1062 string
+ATTRIBUTE Digest-Realm 1063 string
+ATTRIBUTE Digest-Nonce 1064 string
+ATTRIBUTE Digest-Method 1065 string
+ATTRIBUTE Digest-URI 1066 string
+ATTRIBUTE Digest-QOP 1067 string
+ATTRIBUTE Digest-Algorithm 1068 string
+ATTRIBUTE Digest-Body-Digest 1069 string
+ATTRIBUTE Digest-CNonce 1070 string
+ATTRIBUTE Digest-Nonce-Count 1071 string
+ATTRIBUTE Digest-User-Name 1072 string
+ATTRIBUTE Pool-Name 1073 string
+ATTRIBUTE Ldap-Group 1074 string
+ATTRIBUTE Module-Success-Message 1075 string
+ATTRIBUTE Module-Failure-Message 1076 string
+# X99-Fast 1077 integer
+
+#
+# Non-Protocol Attributes
+# These attributes are used internally by the server
+#
+ATTRIBUTE Auth-Type 1000 integer
+ATTRIBUTE Menu 1001 string
+ATTRIBUTE Termination-Menu 1002 string
+ATTRIBUTE Prefix 1003 string
+ATTRIBUTE Suffix 1004 string
+ATTRIBUTE Group 1005 string
+ATTRIBUTE Crypt-Password 1006 string
+ATTRIBUTE Connect-Rate 1007 integer
+ATTRIBUTE Add-Prefix 1008 string
+ATTRIBUTE Add-Suffix 1009 string
+ATTRIBUTE Expiration 1010 date
+ATTRIBUTE Autz-Type 1011 integer
+
+#
+# Integer Translations
+#
+
+# User Types
+
+VALUE Service-Type Login-User 1
+VALUE Service-Type Framed-User 2
+VALUE Service-Type Callback-Login-User 3
+VALUE Service-Type Callback-Framed-User 4
+VALUE Service-Type Outbound-User 5
+VALUE Service-Type Administrative-User 6
+VALUE Service-Type NAS-Prompt-User 7
+VALUE Service-Type Authenticate-Only 8
+VALUE Service-Type Callback-NAS-Prompt 9
+VALUE Service-Type Call-Check 10
+VALUE Service-Type Callback-Administrative 11
+
+# Framed Protocols
+
+VALUE Framed-Protocol PPP 1
+VALUE Framed-Protocol SLIP 2
+VALUE Framed-Protocol ARAP 3
+VALUE Framed-Protocol Gandalf-SLML 4
+VALUE Framed-Protocol Xylogics-IPX-SLIP 5
+VALUE Framed-Protocol X.75-Synchronous 6
+
+# Framed Routing Values
+
+VALUE Framed-Routing None 0
+VALUE Framed-Routing Broadcast 1
+VALUE Framed-Routing Listen 2
+VALUE Framed-Routing Broadcast-Listen 3
+
+# Framed Compression Types
+
+VALUE Framed-Compression None 0
+VALUE Framed-Compression Van-Jacobson-TCP-IP 1
+VALUE Framed-Compression IPX-Header-Compression 2
+VALUE Framed-Compression Stac-LZS 3
+
+# Login Services
+
+VALUE Login-Service Telnet 0
+VALUE Login-Service Rlogin 1
+VALUE Login-Service TCP-Clear 2
+VALUE Login-Service PortMaster 3
+VALUE Login-Service LAT 4
+VALUE Login-Service X25-PAD 5
+VALUE Login-Service X25-T3POS 6
+VALUE Login-Service TCP-Clear-Quiet 8
+
+# Login-TCP-Port (see /etc/services for more examples)
+
+VALUE Login-TCP-Port Telnet 23
+VALUE Login-TCP-Port Rlogin 513
+VALUE Login-TCP-Port Rsh 514
+
+# Status Types
+
+VALUE Acct-Status-Type Start 1
+VALUE Acct-Status-Type Stop 2
+VALUE Acct-Status-Type Interim-Update 3
+VALUE Acct-Status-Type Alive 3
+VALUE Acct-Status-Type Accounting-On 7
+VALUE Acct-Status-Type Accounting-Off 8
+# RFC 2867 Additional Status-Type Values
+VALUE Acct-Status-Type Tunnel-Start 9
+VALUE Acct-Status-Type Tunnel-Stop 10
+VALUE Acct-Status-Type Tunnel-Reject 11
+VALUE Acct-Status-Type Tunnel-Link-Start 12
+VALUE Acct-Status-Type Tunnel-Link-Stop 13
+VALUE Acct-Status-Type Tunnel-Link-Reject 14
+
+# Authentication Types
+
+VALUE Acct-Authentic RADIUS 1
+VALUE Acct-Authentic Local 2
+
+# Termination Options
+
+VALUE Termination-Action Default 0
+VALUE Termination-Action RADIUS-Request 1
+
+# NAS Port Types
+
+VALUE NAS-Port-Type Async 0
+VALUE NAS-Port-Type Sync 1
+VALUE NAS-Port-Type ISDN 2
+VALUE NAS-Port-Type ISDN-V120 3
+VALUE NAS-Port-Type ISDN-V110 4
+VALUE NAS-Port-Type Virtual 5
+VALUE NAS-Port-Type PIAFS 6
+VALUE NAS-Port-Type HDLC-Clear-Channel 7
+VALUE NAS-Port-Type X.25 8
+VALUE NAS-Port-Type X.75 9
+VALUE NAS-Port-Type G.3-Fax 10
+VALUE NAS-Port-Type SDSL 11
+VALUE NAS-Port-Type ADSL-CAP 12
+VALUE NAS-Port-Type ADSL-DMT 13
+VALUE NAS-Port-Type IDSL 14
+VALUE NAS-Port-Type Ethernet 15
+VALUE NAS-Port-Type xDSL 16
+VALUE NAS-Port-Type Cable 17
+VALUE NAS-Port-Type Wireless-Other 18
+VALUE NAS-Port-Type Wireless-802.11 19
+
+# Acct Terminate Causes, available in 3.3.2 and later
+
+VALUE Acct-Terminate-Cause User-Request 1
+VALUE Acct-Terminate-Cause Lost-Carrier 2
+VALUE Acct-Terminate-Cause Lost-Service 3
+VALUE Acct-Terminate-Cause Idle-Timeout 4
+VALUE Acct-Terminate-Cause Session-Timeout 5
+VALUE Acct-Terminate-Cause Admin-Reset 6
+VALUE Acct-Terminate-Cause Admin-Reboot 7
+VALUE Acct-Terminate-Cause Port-Error 8
+VALUE Acct-Terminate-Cause NAS-Error 9
+VALUE Acct-Terminate-Cause NAS-Request 10
+VALUE Acct-Terminate-Cause NAS-Reboot 11
+VALUE Acct-Terminate-Cause Port-Unneeded 12
+VALUE Acct-Terminate-Cause Port-Preempted 13
+VALUE Acct-Terminate-Cause Port-Suspended 14
+VALUE Acct-Terminate-Cause Service-Unavailable 15
+VALUE Acct-Terminate-Cause Callback 16
+VALUE Acct-Terminate-Cause User-Error 17
+VALUE Acct-Terminate-Cause Host-Request 18
+
+#VALUE Tunnel-Type L2TP 3
+#VALUE Tunnel-Medium-Type IP 1
+
+VALUE Prompt No-Echo 0
+VALUE Prompt Echo 1
+
+#
+# Non-Protocol Integer Translations
+#
+
+VALUE Auth-Type Local 0
+VALUE Auth-Type System 1
+VALUE Auth-Type SecurID 2
+VALUE Auth-Type Crypt-Local 3
+VALUE Auth-Type Reject 4
+VALUE Auth-Type ActivCard 5
+VALUE Auth-Type EAP 6
+VALUE Auth-Type ARAP 7
+
+#
+# Cistron extensions
+#
+VALUE Auth-Type Ldap 252
+VALUE Auth-Type Pam 253
+VALUE Auth-Type Accept 254
+
+VALUE Auth-Type PAP 1024
+VALUE Auth-Type CHAP 1025
+VALUE Auth-Type LDAP 1026
+VALUE Auth-Type PAM 1027
+VALUE Auth-Type MS-CHAP 1028
+VALUE Auth-Type Kerberos 1029
+VALUE Auth-Type CRAM 1030
+VALUE Auth-Type NS-MTA-MD5 1031
+VALUE Auth-Type CRAM 1032
+VALUE Auth-Type SMB 1033
+
+#
+# Authorization type, too.
+#
+VALUE Autz-Type Local 0
+
+#
+# Experimental Non-Protocol Integer Translations for Cistron-Radiusd
+#
+VALUE Fall-Through No 0
+VALUE Fall-Through Yes 1
+
+VALUE Packet-Type Access-Request 1
+VALUE Packet-Type Access-Accept 2
+VALUE Packet-Type Access-Reject 3
+VALUE Packet-Type Accounting-Request 4
+VALUE Packet-Type Accounting-Response 5
+VALUE Packet-Type Accounting-Status 6
+VALUE Packet-Type Password-Request 7
+VALUE Packet-Type Password-Accept 8
+VALUE Packet-Type Password-Reject 9
+VALUE Packet-Type Accounting-Message 10
+VALUE Packet-Type Access-Challenge 11
+VALUE Packet-Type Status-Server 12
+VALUE Packet-Type Status-Client 13
+
+# Tunnel Type
+VALUE Tunnel-Type PPTP 1
+VALUE Tunnel-Type L2F 2
+VALUE Tunnel-Type L2TP 3
+VALUE Tunnel-Type ATMP 4
+VALUE Tunnel-Type VTP 5
+VALUE Tunnel-Type AH 6
+VALUE Tunnel-Type IP 7
+VALUE Tunnel-Type MIN-IP 8
+VALUE Tunnel-Type ESP 9
+VALUE Tunnel-Type GRE 10
+VALUE Tunnel-Type DVS 11
+VALUE Tunnel-Type IP-in-IP 12
+
+# Tunnel Medium Type
+VALUE Tunnel-Medium-Type IP 1
+VALUE Tunnel-Medium-Type IPv4 1
+VALUE Tunnel-Medium-Type IPv6 2
+VALUE Tunnel-Medium-Type NSAP 3
+VALUE Tunnel-Medium-Type HDLC 4
+VALUE Tunnel-Medium-Type BBN-1822 5
+VALUE Tunnel-Medium-Type IEEE-802 6
+VALUE Tunnel-Medium-Type E.163 7
+VALUE Tunnel-Medium-Type E.164 8
+VALUE Tunnel-Medium-Type F.69 9
+VALUE Tunnel-Medium-Type X.121 10
+VALUE Tunnel-Medium-Type IPX 11
+VALUE Tunnel-Medium-Type Appletalk 12
+VALUE Tunnel-Medium-Type DecNet-IV 13
+VALUE Tunnel-Medium-Type Banyan-Vines 14
+VALUE Tunnel-Medium-Type E.164-NSAP 15
diff --git a/source/lib/nagios/plugins/dictionary.freeradius b/source/lib/nagios/plugins/dictionary.freeradius
new file mode 100644
index 0000000000000000000000000000000000000000..dc9fb226c925015c2165b2774e67c02ac63c10a0
--- /dev/null
+++ b/source/lib/nagios/plugins/dictionary.freeradius
@@ -0,0 +1,91 @@
+# -*- text -*-
+# Copyright (C) 2015 The FreeRADIUS Server project and contributors
+#
+# The FreeRADIUS Vendor-Specific dictionary.
+#
+# Version: $Id: ea468da88509aeff96b6f0d38ebc97411b9775b3 $
+#
+# For a complete list of Private Enterprise Codes, see:
+#
+# http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
+#
+
+VENDOR FreeRADIUS 11344
+
+BEGIN-VENDOR FreeRADIUS
+
+#
+# This attribute is really a bitmask.
+#
+ATTRIBUTE FreeRADIUS-Statistics-Type 127 integer
+
+VALUE FreeRADIUS-Statistics-Type None 0
+VALUE FreeRADIUS-Statistics-Type Authentication 1
+VALUE FreeRADIUS-Statistics-Type Accounting 2
+VALUE FreeRADIUS-Statistics-Type Proxy-Authentication 4
+VALUE FreeRADIUS-Statistics-Type Proxy-Accounting 8
+VALUE FreeRADIUS-Statistics-Type Internal 0x10
+VALUE FreeRADIUS-Statistics-Type Client 0x20
+VALUE FreeRADIUS-Statistics-Type Server 0x40
+VALUE FreeRADIUS-Statistics-Type Home-Server 0x80
+
+VALUE FreeRADIUS-Statistics-Type Auth-Acct 0x03
+VALUE FreeRADIUS-Statistics-Type Proxy-Auth-Acct 0x0c
+
+VALUE FreeRADIUS-Statistics-Type All 0x1f
+
+#
+# FreeRADIUS statistic result attributes
+#
+ATTRIBUTE FreeRADIUS-Total-Access-Requests 128 integer
+ATTRIBUTE FreeRADIUS-Total-Access-Accepts 129 integer
+ATTRIBUTE FreeRADIUS-Total-Access-Rejects 130 integer
+ATTRIBUTE FreeRADIUS-Total-Access-Challenges 131 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Responses 132 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Duplicate-Requests 133 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Malformed-Requests 134 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Invalid-Requests 135 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Dropped-Requests 136 integer
+ATTRIBUTE FreeRADIUS-Total-Auth-Unknown-Types 137 integer
+
+ATTRIBUTE FreeRADIUS-Total-Proxy-Access-Requests 138 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Access-Accepts 139 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Access-Rejects 140 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Access-Challenges 141 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Responses 142 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests 143 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Malformed-Requests 144 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Invalid-Requests 145 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Dropped-Requests 146 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Auth-Unknown-Types 147 integer
+
+ATTRIBUTE FreeRADIUS-Total-Accounting-Requests 148 integer
+ATTRIBUTE FreeRADIUS-Total-Accounting-Responses 149 integer
+ATTRIBUTE FreeRADIUS-Total-Acct-Duplicate-Requests 150 integer
+ATTRIBUTE FreeRADIUS-Total-Acct-Malformed-Requests 151 integer
+ATTRIBUTE FreeRADIUS-Total-Acct-Invalid-Requests 152 integer
+ATTRIBUTE FreeRADIUS-Total-Acct-Dropped-Requests 153 integer
+ATTRIBUTE FreeRADIUS-Total-Acct-Unknown-Types 154 integer
+
+ATTRIBUTE FreeRADIUS-Total-Proxy-Accounting-Requests 155 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Accounting-Responses 156 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests 157 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Acct-Malformed-Requests 158 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Acct-Invalid-Requests 159 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Acct-Dropped-Requests 160 integer
+ATTRIBUTE FreeRADIUS-Total-Proxy-Acct-Unknown-Types 161 integer
+
+ATTRIBUTE FreeRADIUS-Queue-Len-Internal 162 integer
+ATTRIBUTE FreeRADIUS-Queue-Len-Proxy 163 integer
+ATTRIBUTE FreeRADIUS-Queue-Len-Auth 164 integer
+ATTRIBUTE FreeRADIUS-Queue-Len-Acct 165 integer
+ATTRIBUTE FreeRADIUS-Queue-Len-Detail 166 integer
+
+ATTRIBUTE FreeRADIUS-Stats-Start-Time 176 date
+ATTRIBUTE FreeRADIUS-Stats-HUP-Time 177 date
+
+ATTRIBUTE FreeRADIUS-Queue-PPS-In 181 integer
+ATTRIBUTE FreeRADIUS-Queue-PPS-In 182 integer
+
+
+END-VENDOR FreeRADIUS
\ No newline at end of file
diff --git a/source/packages/check_radius b/source/packages/check_radius
new file mode 100644
index 0000000000000000000000000000000000000000..b14b394a21c71e70af36010c262794dcad5dbe2c
--- /dev/null
+++ b/source/packages/check_radius
@@ -0,0 +1,15 @@
+{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
+ 'description': 'active RADIUS check\n',
+ 'download_url': 'https://thl-cmk.hopto.org',
+ 'files': {'checks': ['check_radius'],
+ 'gui': ['metrics/check_radius.py',
+ 'wato/check_parameters/check_radius.py'],
+ 'lib': ['nagios/plugins/check_radius',
+ 'nagios/plugins/dictionary',
+ 'nagios/plugins/dictionary.freeradius']},
+ 'name': 'check_radius',
+ 'title': 'Check RADIUS',
+ 'version': '0.0.1-20240421',
+ 'version.min_required': '2.2.0b1',
+ 'version.packaged': '2.2.0p24',
+ 'version.usable_until': None}