Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Check that FreeRADIUS stack is running
#! /bin/bash
CONFIG_DISK_THRESHOLD=95
FR_PIDFILE=/var/run/freeradius/freeradius.pid
FR_BINARY=/usr/sbin/freeradius
DATE_MIN=$(date +%_M)
TEST_USER=checkuser
TEST_DOMAIN=my.domain.example
TEST_PASSWORD=password
LOG_PERIOD=30
CMD_PERIOD=5
LOG=""
function periodic_log
{
[ "$(($DATE_MIN % $LOG_PERIOD))" -eq "0" ]
return $?
}
function periodic
{
[ "$(($DATE_MIN % $CMD_PERIOD))" -eq "0" ]
return $?
}
function log
{
LOG="$LOG
$*"
}
function start_freeradius
{
log "Attempting to start FreeRADIUS"
if disc_is_ok; then
log $(/etc/init.d/freeradius start 2>&1)
else
log "disc check failed, not starting"
fi
}
function stop_freeradius
{
log "Stopping FreeRADIUS"
log $(/etc/init.d/freeradius stop 2>&1)
}
function restart_winbind
{
log "Restarting winbind"
log $(/etc/init.d/winbind restart 2>&1)
}
function disc_usage
{
[ -z "$1" ] && return 2
DISC="$1"
df "$DISC" | awk '/^\//{print $5}' | tr -d '%' | head -1
}
function finished
{
echo "FreeRADIUS process check"
echo "$LOG"
echo
echo "End of report"
exit
}
# --
function disc_is_ok
{
USAGE=$(disc_usage /)
if [ "$USAGE" -gt "$CONFIG_DISK_THRESHOLD" ]; then
log "WARNING: Disc usage too high!"
log " ($USAGE > $CONFIG_DISK_THRESHOLD)"
return 1
fi
return 0
}
function freeradius_is_running
{
if [ -r "$FR_PIDFILE" ]; then
PID=$(cat $FR_PIDFILE)
if grep -q "$FR_BINARY" /proc/$PID/cmdline; then
return 0
fi
fi
if ps -ef | grep -v grep | grep -q "$FR_BINARY"; then
return 0
fi
return 1
}
function ad_auth_check_ok
{
ntlm_auth --username=$TEST_USER --domain=$TEST_DOMAIN --password=$TEST_PASSWORD >/dev/null 2>&1
return $?
}
if ! disc_is_ok; then
if freeradius_is_running; then
stop_freeradius
finished
fi
if periodic_log; then
log "FreeRADIUS is stopped"
finished
fi
exit
fi
if periodic; then
log "Testing AD authentication"
if ! ad_auth_check_ok; then
log "Restarting winbind"
restart_winbind
fi
if freeradius_is_running && ! ad_auth_check_ok; then
log "FreeRADIUS is running, but AD auth failed - stopping FreeRADIUS"
stop_freeradius
finished
fi
fi
if ! freeradius_is_running; then
log "FreeRADIUS is not running but should be"
log "Testing NTLM authenticaion"
if ad_auth_check_ok; then
log "Auth passed"
start_freeradius
else
log "Auth failed, not starting FreeRADIUS"
fi
finished
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment