#!/bin/bash
# Print the usage summary for this plugin on stdout.
# Arguments: none
# Outputs:   nine lines of help text, one option or argument per line
show_help() {
  printf '%s\n' \
    'Usage: check-radauth [-t type] -u testuser -p testpass -r server[:port] -s radius_secret [-n nas_port] -c' \
    '-h - show this help' \
    '-c - CRITICAL instead of WARNING' \
    'type - one of pap/chap/mschap/eap-md5 (mschap by default)' \
    'testuser/testpass - testing credentials' \
    'server[:port] - address and port of radius server' \
    'radius_secret - radius secret' \
    'nas_port - NAS-Port attribute (10 by default)' \
    'man radtest gives more detailed description'
}
# Settings used when the matching option is not given on the command line.
# Authentication method handed to radtest -t, and the NAS-Port attribute value.
TYPE='mschap'
NAS_PORT='10'
# Test credentials, server address and shared secret: no defaults, these
# start out empty.
# NOTE: USER is also the conventional login-name environment variable; where
# it is already exported, this assignment is inherited by child processes.
USER='' PASSWORD='' SERVER='' SECRET=''
# Label and exit status reported when the server rejects the test login
# (WARNING / 1 here; the -c option switches them to CRITICAL / 2).
ERROR_STRING='WARNING'
ERROR_STATUS='1'
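#######################################
# Parse the command-line options into the global settings.
# Globals:   TYPE, USER, PASSWORD, SERVER, SECRET, NAS_PORT,
#            ERROR_STRING, ERROR_STATUS (written); OPTIND (reset, advanced)
# Arguments: the script's command-line arguments
# Outputs:   help text for -h / -?, or an "UNKNOWN - ..." line on bad usage
# Returns:   0 normally; exits 0 after printing help, exits 3 (UNKNOWN) on
#            an unrecognised option or an option missing its argument
#######################################
parse_options() {
  local opt
  OPTIND=1 # Reset in case getopts has been used previously in the shell.
  # The leading ':' selects getopts' silent mode, so a bad option can be told
  # apart from a help request. "n:" takes an argument like the other value
  # options; without the colon -n never received its value.
  while getopts ":h?ct:u:p:r:s:n:" opt; do
    case "$opt" in
      h)
        show_help
        exit 0
        ;;
      c)
        ERROR_STRING="CRITICAL"
        ERROR_STATUS="2"
        ;;
      t) TYPE=$OPTARG ;;
      u) USER=$OPTARG ;;
      p) PASSWORD=$OPTARG ;;
      r) SERVER=$OPTARG ;;
      s) SECRET=$OPTARG ;;
      n) NAS_PORT=$OPTARG ;;
      :)
        echo "UNKNOWN - option -$OPTARG requires an argument (see -h)"
        exit 3
        ;;
      \?)
        # A literal -? is still a help request; for any other character
        # silent mode stores the offending option letter in OPTARG.
        if [ -z "${OPTARG:-}" ] || [ "$OPTARG" = "?" ]; then
          show_help
          exit 0
        fi
        # A mistyped check definition must not exit 0: the monitoring system
        # would record the RADIUS check as OK without any probe being sent.
        echo "UNKNOWN - invalid option -$OPTARG (see -h)"
        exit 3
        ;;
    esac
  done
}

parse_options "$@"
shift $((OPTIND - 1))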
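# Locate the radtest client; without it no probe can be sent, which is an
# UNKNOWN (3) result rather than a verdict about the RADIUS server.
# NOTE(review): radtest is resolved through PATH and is later handed the test
# password and the shared secret, so the PATH this plugin runs with should
# list trusted directories only.
RADTEST=$(command -v radtest)
# Both the emptiness check and the quoting matter: with an empty, unquoted
# value the test degenerates to `[ ! -x ]`, which is false, and the
# "not found" branch is skipped.
if [ -z "$RADTEST" ] || [ ! -x "$RADTEST" ]; then
  echo "UNKNOWN - radtest not found"
  exit 3
fi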
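# Run the authentication probe and map the reply to a plugin status:
#   Access-Accept  -> OK (exit 0)
#   Access-Reject  -> $ERROR_STRING (exit $ERROR_STATUS)
#   anything else  -> UNKNOWN (exit 3), e.g. a radclient error or no reply

# radtest receives user, password, server, NAS port and secret as positional
# arguments. An empty value would shift the following ones into the wrong
# slot, so refuse to run with an incomplete set.
if [ -z "$USER" ] || [ -z "$PASSWORD" ] || [ -z "$SERVER" ] || [ -z "$SECRET" ]; then
  echo "UNKNOWN - options -u, -p, -r and -s are all required"
  exit 3
fi
case "$NAS_PORT" in
  '' | *[!0-9]*)
    echo "UNKNOWN - nas_port must be a number"
    exit 3
    ;;
esac

# NOTE(review): the test password and the RADIUS shared secret travel on the
# command line, both of this plugin and of radtest, so they are visible in the
# process list while the check runs. Use a dedicated test account with no
# other access, and keep the check definition readable only by the monitoring
# user.
# Every value is quoted so that spaces or glob characters in a password or
# secret reach radtest as one unmodified argument.
RESULT=$("$RADTEST" -t "$TYPE" "$USER" "$PASSWORD" "$SERVER" "$NAS_PORT" "$SECRET" 2>&1 \
  | grep -E -o 'Access-Accept|Access-Reject|radclient:.*')

# If grep prints more than one match, RESULT holds several lines and falls
# through to the UNKNOWN arm.
case "$RESULT" in
  Access-Accept)
    echo "OK - user $USER successfully authenticated at server $SERVER"
    exit 0
    ;;
  Access-Reject)
    echo "$ERROR_STRING - user $USER rejected at server $SERVER"
    exit "$ERROR_STATUS"
    ;;
  *)
    echo "UNKNOWN - $RESULT"
    exit 3
    ;;
esac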