[Nagiosplug-help] check_radius Auth Error (sgn)

Andreas Ericsson ae at op5.se
Tue Jan 11 09:11:04 CET 2005


rodolphe.cahen at quiconnect.com wrote:
> I have found a solution:
> 
> this is what i call the sticky-bit problem:
> 

Just to be anal; The sticky bit is the t flag to chmod. The s in the 
command chmod +s denotes the setuid bit (set user id, sometimes known as 
the setsuid (set super user id), since s is mostly used to elevate 
programs to super user access rights).

> the plugin check_radius must have the following flags:
> -rwsr-xr-x 1 root root 16883 Apr 26 2004 check_radius
> (not those one = -rwxr-xr-x)
> 
> to fix it, use =
> 
> chmod u+s check_radius
> 

Or the more paranoid ( = secure)
chown root:nagios check_radius; chmod 4750 check_radius

> then, the checkcommands.cfg must look like:
> 
> # 'check_radius_server-de-test ' command definition
> define command{
> command_name check_radius_testserver
> command_line $USER1$/check_radius -H ip-testserver -F 
> /etc/radiusclient/radiusclient.conf -u user1 at testserver -p user1_pass -P 
> port_radius_number
> }
> 
> 
> 
> Thanks to all.
> 
> 
> 
> 
> Andrew Lillie wrote:
> 
>> Have you tried setting the full path in your "command_line" attribute, 
>> rather than relying on the $USER1$ macro?
>>
>> -=A=-
>>
>> rodolphe.cahen at quiconnect.com wrote:
>>
>>> Hello,
>>>
>>>
>>> I am using a Mandrake 10.1 with nagios-1.2 , nagios-plugins-1.3.1-10 
>>> and radiusclient-0.3.2-0.
>>>
>>> All me services and plugins are set-up (including conf files for 
>>> radiusclient) and running.
>>>
>>> My problem is the check_radius plugin.
>>>
>>> If I launch a check_radius request from the command line, i am 
>>> getting an "Auth OK".
>>>
>>> If I run nagios, the same request gets a "Auth Error".
>>>
>>> I have double checks all my nagios conf files, includind macro def 
>>> and directory links. I have also checked files ownerchip ...
>>>
>>> Does any one have a clue ??
>>>
>>>
>>>
>>> Her's sample of my conf files:
>>>
>>> ==== checkcommands.cfg ====
>>>
>>> # 'check_radius-test' command definition
>>> define command{
>>>         command_name    check_radius-test
>>>         command_line    $USER1$/check_radius -v -H my_radius_server 
>>> -F /etc/radiusclient/radiusclient.conf -u 
>>> my_user_test at my_radius_server -p my_user_test_password -P 1812
>>>         }
>>>
>>> ==== services.cfg ====
>>>
>>> define service {
>>>         use                             generic-service
>>>         host_name                       my_radius_server
>>>         service_description             check_radius
>>>         is_volatile                     0
>>>         check_period                    24x7
>>>         max_check_attempts              3
>>>         normal_check_interval           5
>>>         retry_check_interval            1
>>>         contact_groups                  admin
>>>         notification_interval           60
>>>         notification_period             24x7
>>>         notification_options            w,u,c,r
>>>         check_command                   check_radius-test
>>>         }
>>>
>>>
>>> ==== command-plugins.cfg ====
>>>
>>> command[check_radius]=/usr/lib/nagios/plugins/check_radius $ARG1$ 
>>> $ARG2$ $HOSTADDRESS$ 1812 $ARG3$
>>>
>>>
>>>
>>> ==== resources.cfg ====
>>>
>>> # Sets $USER1$ to be the path to the plugins
>>> $USER1$=/usr/lib/nagios/plugins
>>>
>>>
>>> ==== ls -la /usr/lib/nagios/plugins/ ====
>>> -rwxr-xr-x    1 nagios   apache      16883 Apr 26  2004 check_radius
>>
>>
>>

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer




More information about the Help mailing list