[PACKAGE]: ../../raw/master/mkp/check_radius-0.1.1-20240428.mkp "check_radius-0.1.1-20240428.mkp"
[PYRADLIB]: ../../raw/master/mkp/pyrad-2.4.0-240421.mkp "pyrad-2.4.0-240421.mkp"

This is a (very) basic active RADIUS check. Tests if a RADIUS server is responsive (accept/reject/timeout). There is (limited) support to add AV-pairs to the RADIUS request.

---
### Download
* [Download latest mkp file][PACKAGE]
* [pyrad-2.4.0-240421.mkp][PYRADLIB] The pyrad lib as MKP (contains pyrad 2.4, six 1.16.0, netaddr 1.2.1).

**Note**: before you update to a newer version, always check the [CHANGELOG](CHANGELOG). There migth be incompatible changes.
                        
---
### Installation

You can install the package by uploading it to your CheckMK site and as site user run 
```
mkp add PAKAGE_NAME.mkp
mkp enable PAKAGE_NAME VERSION
```

In the Enterprise/Free/Cloud edition of CheckMK you can use the GUI to install the package (_Setup_ -> _Extension Packages_ -> _Upload package_)

**Note**: before you can use this plugin you need to install the python lib [**_pyrad_**](https://github.com/pyradius/pyrad) into your CMK site. This can be done by issuing the command `pip3 install pyrad` as site user, as long as your CMK server has internet access. If you prefer not to download the pyrad lib from the internet you can also use the additional MKP package **_pyrad-2.4.0-240421.mkp_** (see above).

---
### Want to Contribute?

Nice ;-) Have a look at the [contribution guidelines](CONTRIBUTING.md "Contributing")

---
### Check Info

The plugin creates the service **_RADIUS_** with an optional item.

<details><summary>Montoring states</summary>

| State | condition | WATO | 
| ------ | ------ | ------ |
| WARN/CRIT | wrong response code | yes |
| WARN/CRIT | respos time above levels | yes |
| CRIT | Network error | no |
| CRIT | RADIUS request timeout | no |
| WARN/CRIT | wrong # of response attributes | yes |

</details>

<details><summary>Perfdata</summary>

| Metric | Unit | Perfometer |
| ------ | ------ | ------ |
| response timne | s | yes |

</details>

---
### WATO
<details><summary>Active check rule</summary>

| Section | Rule name |
| ------ | ------ |
| HTTP, TCP, Email, ... | RADIUS service |

| Option | Defailt value | Comment |
| ------ | ------ | --- |
| Service description | none | the optional item |
| Server IP-address or name | none | optional |
| Authentication port | 1812 | |
| Shared secret | none | |
| Request timeout | 1 second | |
| User name | dummyuser | |
| User password | dummypassword | |
| Request Attributes | none | List of optional AV-pairs for the request |
| Expected response | none | Accept/Reject |
| Monitoring state not expected response | Warn | |
| Max. response time | none | Upper levels max. response time in ms |
| # of expected attribues in response | none | |
| Monitoring state on wrong # of response attributes | Warn |  |

</details> 

<details><summary>Supported Request Attributes</summary>

- Called-Station-Id
- Calling-Station-Id
- Cisco-AVPair
- Framed-MTU
- NAS-IP-Address
- NAS-Identifier
- NAS-Port
- NAS-Port-Id
- NAS-Port-Type
- Service-Type

</details>

<details><summary>Active check CLI usage</summary>

```
OMD[build]:~$ ~/local/lib/nagios/plugins/check_radius -h
usage: check_radius [-h] -H HOST --secret SECRET [--username USERNAME] [--password PASSWORD] [--auth-port AUTH_PORT] [--timeout TIMEOUT] [--request-attribute [REQUEST_ATTRIBUTE ...]] [--expected-response {2,3}] [--state-not-expected-response {0,1,2,3}] [--num-resp-attributes NUM_RESP_ATTRIBUTES]
                    [--state-wrong-num-resp-attributes {0,1,2,3}] [--max-response-time MAX_RESPONSE_TIME]

This is a (very) basic active RADIUS check for Check_mk. 
Tests if a RADIUS server is responsive (accept/reject/timeout). There is (limited) support to add AV-pairs to the RADIUS request.

options:
  -h, --help            show this help message and exit
  -H HOST, --host HOST  Host/IP-Address of RADIUS server to query (required) (default: None)
  --secret SECRET       secret RADIUS key (default: None)
  --username USERNAME   user name to test with (default: dummyuser)
  --password PASSWORD   user password to test with (default: dummypassword)
  --auth-port AUTH_PORT
                        RADIUS authentication port to use. (default: 1812)
  --timeout TIMEOUT     RADIUS server timeout (default: 1)
  --request-attribute [REQUEST_ATTRIBUTE ...]
                        add request attribute in the form of "attribute-name:attribute-value" ie: "Called-Station-Id:AA-BB-CC-DD-EE-FF".
                        Repeat to add more attributes. For valid attributes the dictionary file. (default: [])
  --expected-response {2,3}
                        2 -> Accepted, 3 -> Rejected (default: None)
  --state-not-expected-response {0,1,2,3}
                        Monitoring state: 0 -> OK, 1 -> WARN, 2 -> CRIT, 3 -> UNKNOWN (default: 1)
  --num-resp-attributes NUM_RESP_ATTRIBUTES
                        Expected number of response attributes (default: None)
  --state-wrong-num-resp-attributes {0,1,2,3}
                        Monitoring state: 0 -> OK, 1 -> WARN, 2 -> CRIT, 3 -> UNKNOWN (default: 1)
  --max-response-time MAX_RESPONSE_TIME
                        Upper levels for response time in ms in the format WARN,CRIT time. ie: 10,50 (default: None)

(c) thl-cmk[at]outlook[dot], Version: 0.1.1-20240428, For more information see: https://thl-cmk.hopto.org


```
</details>

---
### Sample Output

Sample output

![sample output](img/sample.png?raw=true "sample output")

Sample output details

![sample output details](img/sample-details.png?raw=true "sample output details")