- Monitoring TCP-based Applications
- Monitoring SSL Services
- Monitoring FTP Services
- Secure Monitoring of Servers by using SFTP
- Setting SSL Parameters on a Secure Monitor
- Monitoring SIP Services
- Monitoring RADIUS Services
- Monitoring Accounting Information Delivery from a RADIUS Server
- Monitoring DNS and DNS-TCP Services
- Monitoring LDAP Services
- Monitoring MySQL Services
- Monitoring SNMP Services
- Monitoring NNTP Services
- Monitoring POP3 Services
- Monitoring SMTP Services
- Monitoring RTSP Services
- Monitoring the XML Broker Services
- Monitoring ARP Requests
- Monitoring the XenDesktop Delivery Controller Services
- Monitoring Web Interface Services
- Monitoring Citrix StoreFront Stores
Monitoring RADIUS Services
Oct 20, 2015
The NetScaler appliance RADIUS monitor periodically checks the state of the RADIUS service to which it is bound by sending an authentication request to the service. The RADIUS server authenticates the RADIUS monitor and sends a response. By default, the monitor expects to receive a response code of 2, the default Access-Accept response, from the RADIUS server. As long as the monitor receives the appropriate response, it marks the service UP.
Note: RADIUS monitor supports only PAP type authentication.
- If the client authenticated successfully, the RADIUS server sends an Access-Accept response. The default access-accept response code is 2, and this is the code that the appliance uses.
- If the client fails to authenticate successfully (such as when there is a mismatch in the user name, password, or secret key), the RADIUS server sends an Access-Reject response. The default access-reject response code is 3, and this is the code that the appliance uses.
Parameter |
Specifies |
|---|---|
userName |
User name on the RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3 server. This user name is used in the probe. |
password |
Password used in monitoring RADIUS/NNTP/FTP/FTP-EXTENDED/MYSQL/POP3/LDAP servers. |
radKey |
Shared secret key value that the RADIUS server uses during client authentication. |
radNASid |
NAS-ID that is encapsulated in the payload when an access request is made. |
radNASip |
The IP address that is encapsulated in the payload when an access-request is made. When radNASip is not configured, the NetScaler sends the mapped IP address (MIP) to the RADIUS server as the NAS IP address. |
To monitor a RADIUS service, you must configure the RADIUS server to which it is bound as follows:
- Add the user name and password of the client that the monitor will use for authentication to the RADIUS authentication database.
- Add the IP address and secret key of the client to the appropriate RADIUS database.
Add the IP addresses that the appliance uses to send RADIUS packets to the RADIUS database. If the NetScaler appliance has more than one mapped IP address, or if a subnet IP address (SNIP) is used, you must add the same secret key for all of the IP addresses.
Caution: If the IP address used by the appliance are not added to the RADIUS database, the RADIUS server will discard all packets.
To configure built-in monitors to check the state of RADIUS server, see Configuring Monitors in a Load Balancing Setup.
Support:
https://www.citrix.com/support
Feedback and forums:
https://discussions.citrix.com