Re: [RadiusNT] Radius Monitoring in WUG

Dale E. Reed Jr. ( (no email) )
Fri, 07 Apr 2000 15:38:56 -0700

Troy Settle wrote:
> Thanks for the response. Here's what I have in WUG for the radius service:
> Expect: <none>
> Send: \aD\@,0123456789012345\a Radius
> Expect: %03D
> Send: <none>
> Note: This has worked great for us for many months now. WUG 4.0 and 5.0.

Unfortunately, its also a completely incorrect RADIUS request (see

> -------------------------------------------------------------
> >From 2.5.175 (works):
> radrecv: Request from host cf13c340 code=1, id=68, length=44
> User-Name = "Radius"
> rad_authenticate_ODBC()
> Sending Reject of id 68 to cf13c340 (wug)
> Authenticate: from wug - No Password

RadiusNT 2.5 doesn't verify the integrity of the request and
assumes a lot.

> -------------------------------------------------------------
> >From 3.0.147 (not working):
> SQL Statement: {CALL RadGetCacheUsers('20000323 12:38:17',2)}
> radrecv: Request from host cf13c340 (wug) code=1, id=68, length=44
> Invalid Attribute Length. Attribute: 1 Length:32

Which is completely true. You see the Attribute is 1-32-{radius},
where the 32 is the attribute length. Since the packet doesn't have
32 bytes of data, its malformed.

> >From 2.5.213 (not working):
> radrecv: Request from host cf13c340 code=1, id=68, length=44
> radrecv: Request length:44 UDP Length:28
> Request from wug - Malformed Packet

Hmmm. Must be the same fix as V3. :)

What you really need to do is read the FAQ on this. Its very
clear and works well. The major advantage of this is that you
do NOT get entries in your radlogs for this. I've talked to IpSwitch
about clearly defining the formats. Radlogin has a special mode to
spit out the send string, but WUPG never liked it, so I gave up.

> Can I use WhatsUp to monitor the status of RadiusNT running as a service?
> WhatsUp Gold can monitor your RADIUS servers and tell you about
> an outage. Instructions are included with it on how to monitor
> a RADIUS server.
> For RadiusNT:
> Create a user called wupg (or test, or whatever, just make it
> four characters) with a password of "ANY" (no quotes, all
> uppercase). The parameters shouldn't make since for a normal
> user to login as. I use a User-Service=Dialback to insure no
> one can use the account.
> Restart RadiusNT is in text mode.
> In WUPG, enter the following:
> Port: 1645 UDP
> Send on connect: "\aD\@,0123456789012345\a\fwupg\b%18abcdefghijklmnop"
> Expect after: "\bD\@"
> You can change the wupg name to any four characters, just don't
> change anything else in the send string.


Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc.

For more information about this list (including removal) go to: