[Nagiosplug-help] check_radius Auth Error (sgn)

[rodolphe.cahen at quiconnect.com]

Hum,

well, good catch for the paranoid chown.

for the rest, i am not a english mother tongue speaker, so you will 
excuse my funni-est solution ...

Andreas Ericsson wrote:
> rodolphe.cahen at quiconnect.com wrote:
> 
>> I have found a solution:
>>
>> this is what i call the sticky-bit problem:
>>
> 
> Just to be anal; The sticky bit is the t flag to chmod. The s in the 
> command chmod +s denotes the setuid bit (set user id, sometimes known as 
> the setsuid (set super user id), since s is mostly used to elevate 
> programs to super user access rights).
> 
>> the plugin check_radius must have the following flags:
>> -rwsr-xr-x 1 root root 16883 Apr 26 2004 check_radius
>> (not those one = -rwxr-xr-x)
>>
>> to fix it, use =
>>
>> chmod u+s check_radius
>>
> 
> Or the more paranoid ( = secure)
> chown root:nagios check_radius; chmod 4750 check_radius
> 
>> then, the checkcommands.cfg must look like:
>>
>> # 'check_radius_server-de-test ' command definition
>> define command{
>> command_name check_radius_testserver
>> command_line $USER1$/check_radius -H ip-testserver -F 
>> /etc/radiusclient/radiusclient.conf -u user1 at testserver -p user1_pass 
>> -P port_radius_number
>> }
>>
>>
>>
>> Thanks to all.
>>
>>
>>
>>
>> Andrew Lillie wrote:
>>
>>> Have you tried setting the full path in your "command_line" 
>>> attribute, rather than relying on the $USER1$ macro?
>>>
>>> -=A=-
>>>
>>> rodolphe.cahen at quiconnect.com wrote:
>>>
>>>> Hello,
>>>>
>>>>
>>>> I am using a Mandrake 10.1 with nagios-1.2 , nagios-plugins-1.3.1-10 
>>>> and radiusclient-0.3.2-0.
>>>>
>>>> All me services and plugins are set-up (including conf files for 
>>>> radiusclient) and running.
>>>>
>>>> My problem is the check_radius plugin.
>>>>
>>>> If I launch a check_radius request from the command line, i am 
>>>> getting an "Auth OK".
>>>>
>>>> If I run nagios, the same request gets a "Auth Error".
>>>>
>>>> I have double checks all my nagios conf files, includind macro def 
>>>> and directory links. I have also checked files ownerchip ...
>>>>
>>>> Does any one have a clue ??
>>>>
>>>>
>>>>
>>>> Her's sample of my conf files:
>>>>
>>>> ==== checkcommands.cfg ====
>>>>
>>>> # 'check_radius-test' command definition
>>>> define command{
>>>>         command_name    check_radius-test
>>>>         command_line    $USER1$/check_radius -v -H my_radius_server 
>>>> -F /etc/radiusclient/radiusclient.conf -u 
>>>> my_user_test at my_radius_server -p my_user_test_password -P 1812
>>>>         }
>>>>
>>>> ==== services.cfg ====
>>>>
>>>> define service {
>>>>         use                             generic-service
>>>>         host_name                       my_radius_server
>>>>         service_description             check_radius
>>>>         is_volatile                     0
>>>>         check_period                    24x7
>>>>         max_check_attempts              3
>>>>         normal_check_interval           5
>>>>         retry_check_interval            1
>>>>         contact_groups                  admin
>>>>         notification_interval           60
>>>>         notification_period             24x7
>>>>         notification_options            w,u,c,r
>>>>         check_command                   check_radius-test
>>>>         }
>>>>
>>>>
>>>> ==== command-plugins.cfg ====
>>>>
>>>> command[check_radius]=/usr/lib/nagios/plugins/check_radius $ARG1$ 
>>>> $ARG2$ $HOSTADDRESS$ 1812 $ARG3$
>>>>
>>>>
>>>>
>>>> ==== resources.cfg ====
>>>>
>>>> # Sets $USER1$ to be the path to the plugins
>>>> $USER1$=/usr/lib/nagios/plugins
>>>>
>>>>
>>>> ==== ls -la /usr/lib/nagios/plugins/ ====
>>>> -rwxr-xr-x    1 nagios   apache      16883 Apr 26  2004 check_radius
>>>
>>>
>>>
>>>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4291 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.monitoring-plugins.org/archive/help/attachments/20050111/bf992951/attachment.bin>