Cecilia Gripenberg – Senior Consultant
RADIUS is used quite frequently to provide central authentication, most commonly Wifi (thru EAP and 802.1x) and Virtual Private Network connections, so that users can use their own Active Directory credentials to log in. But what happens when these fail? Nobody can log in and with today’s VPN connections, working becomes quite difficult. Fortunately, there are lots of monitoring plugins and alternatives available to help you with this task.
Monitoring can be performed on several different levels:
- Servers – RADIUS servers are responding and that the servers are healthy (for example check_radius)
- Log Monitoring – Is activity during expected times? Are there any errors?
- Clients – ensuring normal users can log in
The most straightforward types are server monitoring and log monitoring. This is because this monitoring is very similar to existing that you likely already have in place.
If you want more detail, it’s good to opt for monitoring that tells you about your users’ experience. With client monitoring, a client (on an affected wireless network) with an agent will be contacted continuously to see if it is still connected to the network (and thus able to contact the RADIUS servers).
Just the mere fact that your RADIUS servers are responding only one covers one side of your services. If you want even better coverage, you’ll also want to monitor these aspects:
- Access Points – Health
- VPN servers – Health
Access points can be monitored for response times. Furthermore, some controllers can provide a substantial amount of information regarding their health.
VPN appliance health can also be monitored, using check_nwc_health, for instance.
The client can also be made to run tests using synthetic tests like file transfers, if throughput needs to be tested. This can give you a good idea of how well your clients are able to communicate with access points or VPN servers. Monitored clients can also be spread across different locations, giving you insight into a wider geographical area.
As you can see, monitoring of RADIUS servers and related services can be performed in a range of different ways. Should you need to setup monitoring for your Microsoft Network Policy Server or FreeRADIUS, or discuss the best solution for your environment, please don’t hesitate to contact us.
About the author
Deep knowledge of Icinga, op5 Monitor and Nagios. Plugin developer and automation engineer with focus on Ansible.