Hello,
We have a situation in which we have 2 Radiator servers setup, one
in city A and one in city B. Our goal is the following:
Users authenticating in city A authenticate and store accounting locally,
but also forward accounting to city B.
Users with realms from city A can login to city B. Basically city B
forwards authentication & accounting for those realms to the radius server
running in city A. However, accounting must be also be stored locally in
city B.
The idea is that both city A and city B need the get the accounting
associated with realms from city A.
I've done what I believe is the proper configuration, but it seems like
what is happening is the accounting packets are ping-ponging back and
forth between the radius servers when a user logs into city A. The
accounting logs in city A show the following:
Tue Sep 5 10:30:25 2000
Acct-Status-Type = Start
Acct-Session-Id = "a10a6962"
Acct-Delay-Time = 15
NAS-Port = 39
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "8400"
Idle-Timeout = 900
Connect-Info = "26400 19200 V.34"
Acct-Authentic = RADIUS
NAS-IP-Address = 199.199.199.199
Timestamp = 968160482
Timestamp = 968160619
Timestamp = 968160483
Timestamp = 968160620
Timestamp = 968160484
Timestamp = 968160620
Timestamp = 968160485
Timestamp = 968160622
Timestamp = 968160486
Timestamp = 968160623
...
and so on. It appears a duplicate accounting packets are dumped, each one
with one more Timestamp field. This is what tells me that accounting must
be being bounced back and forth.
Here is the relevant configuration we have in city A with radius server IP
5.6.7.8 running v2.16.3:
<Realm /e-net.com.br/i>
AuthByPolicy DoAll
# Lower case everything
RewriteUsername tr/A-Z/a-z/;
AcctLogFileName /radius/radiator/%c/detail
# Forward accounting to City B
<AuthBy RADIUS>
Host 1.2.3.4
Secret blah
RetryTimeout 30
NoForwardAuthentication
</AuthBy>
# Authentication, also some work with Accounting
<AuthBy SQL>
....
</AuthBy>
</Realm>
And in City B with IP 1.2.3.4 running v2.16.1:
<Realm /e-net.com.br/i>
RewriteUsername tr/A-Z/a-z/;
AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
<AuthBy RADIUS>
Host 5.6.7.8
Secret blah
</AuthBy>
</Realm>
Now what I believe must be happening is a user logs in at city A. An
accounting packet is generated from the RAS and sent to the radius server
in city A. This server stores it locally, then forwards the accounting to
city B. Now city B gets the accounting and sees that it is the
e-net.com.br realm, and then forwards it back to city A, and then back and
forth. I am not sure if this is happening though, because I thought the
Proxy state flag would be set and no more forwarding would take place.
If it will help that I get some debug information, please let me know. I
was thinking someone could point out an error in my configuration or if
I'm doing something else wrong.
Thanks for any help.
Viraj.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
