Re: Saving missed accounting records.

2005-01-03 Thread Alan DeKok
Thor Spruyt [EMAIL PROTECTED] wrote:
 2) I still have to relay the packets between the primary and backup
 proxyservers, which will then in turn still be relaying to the homeserver
 twice

  So on each proxying server, put the detail files from the *other*
proxying server in a different place, where radrelay won't read them.

#-- proxyA
DEFAULT  Client-IP-Address == ip.of.proxyB, Detail-Goop = proxyb, Proxy-To-Realm := Local

#---

  And in the configuration for the detail module, do:

detailfile = ${radacctdir}/%{Detail-Goop}detail

  You'll have to define the Detail-Goop attribute, but that's not
hard.  You can then set radrelay on proxyA to NOT read that detail
file, so it won't be copied to the other server.  And the
Proxy-To-Realm attribute will ensure that the packet isn't sent to the
home servers.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Saving missed accounting records.

2005-01-02 Thread Dustin Doris

 Alan DeKok wrote:
  Thor Spruyt [EMAIL PROTECTED] wrote:
  It's a pity, but radrelay can't be used for proxied packets.
  Reason is that if the packets are relayed to the backup server, the
  backup doesn't know it has already been proxied and will thus proxy
  it again. The homeserver should only receive the packet once of
  course!
 
   Can you suggest a fix?

 Well... I've given it some thinking and guess what...

 Suppose you have a realm with 2 homeservers for redundancy:
 realm NULL {
     type     = radius
     authhost = 10.10.10.10:1812
     accthost = 10.10.10.10:1813
     secret   = testing123
 }
 realm NULL {
     type     = radius
     authhost = 20.20.20.20:1812
     accthost = 20.20.20.20:1813
     secret   = testing123
 }

 Suppose the primary server receives an acct packet, and proxies it to
 20.20.20.20:1813
 Then Freeradius-Proxied-To = 20.20.20.20 will be added in the detail file
 and relayed to the backup server.
 Then the backup server will compare 20.20.20.20 with 10.10.10.10 and will
 again proxy the packet to the homeserver (10.10.10.10).

 Suggested solution 1: let the primary server add multiple
 Freeradius-Proxied-To attributes (one for each server configured for that
 realm)
 Suggested solution 2: let the backup server check the Freeradius-Proxied-To
 attribute against all servers configured for that realm
 Suggested solution 3: add a Freeradius-Proxied-Realm attribute, which the
 backup server could check against

 --
 Regards,

 Thor Spruyt


What if you just set it up so that it only proxied the auth to the home
server and stored the accounting locally?  Then you use radrelay to send
all accounting packets over?

realm NULL {
    type     = radius
    authhost = 20.20.20.20:1812
    accthost = LOCAL
    secret   = testing123
}

That could work, couldn't it?

-Dusty Doris
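
Suggested solution 2 from the quoted message above (the backup checks Freeradius-Proxied-To against every home server of the realm), sketched in Python as an added example; it is not code from the thread or from FreeRADIUS. The detail-record layout, the sample records and the function names are assumptions made for the illustration.

```python
# Added illustration, not FreeRADIUS code. Record layout assumed: a timestamp
# header line, indented "Attr = value" lines, blank line between records.
REALM_HOME_SERVERS = {"NULL": {"10.10.10.10", "20.20.20.20"}}  # realm blocks quoted above

# Constructed sample: alice was already proxied by the primary, bob was not.
SAMPLE_DETAIL = (
    "Mon Jan  3 10:00:00 2005\n"
    '\tUser-Name = "alice"\n'
    "\tAcct-Status-Type = Start\n"
    "\tFreeradius-Proxied-To = 20.20.20.20\n"
    "\n"
    "Mon Jan  3 10:00:05 2005\n"
    '\tUser-Name = "bob"\n'
    "\tAcct-Status-Type = Start\n"
)

def parse_detail(text):
    """Yield one dict per record; repeated attributes collect into lists."""
    record = {}
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and line.strip():
            name, _, value = line.strip().partition(" = ")
            record.setdefault(name, []).append(value.strip('"'))
        elif record:  # blank line or next header closes the current record
            yield record
            record = {}
    if record:
        yield record

def naive_should_proxy(record, own_home_server):
    """Behaviour described in the thread: compare with a single home server."""
    return own_home_server not in record.get("Freeradius-Proxied-To", [])

def should_proxy(record, realm):
    """Solution 2: do not proxy if ANY home server of the realm already got it."""
    seen = set(record.get("Freeradius-Proxied-To", []))
    return not (seen & REALM_HOME_SERVERS[realm])

def decisions(text, realm="NULL", own_home_server="10.10.10.10"):
    """Return (user, naive decision, realm-wide decision) for each record."""
    return [(r["User-Name"][0], naive_should_proxy(r, own_home_server),
             should_proxy(r, realm)) for r in parse_detail(text)]

if __name__ == "__main__":
    for user, naive, fixed in decisions(SAMPLE_DETAIL):
        print(f"{user}: naive={naive} realm-wide={fixed}")
```

For the record already sent to 20.20.20.20, the single-server comparison still decides to proxy (the duplicate the thread describes), while the realm-wide check does not.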



Re: Saving missed accounting records.

2004-12-31 Thread Dustin Doris
On Thu, 30 Dec 2004, Ray Van Dolson wrote:

 I'm proxying accounting requests to another Radius server.  I'm also saving
 accounting records to a local detail file and to an SQL database.  What I'd
 like to do is log--in a detail-style file (Livingston records), any accounting
 records that do *not* make it to my proxy'd Radius server.  That way, if for
 some reason my main Radius server is down, I can easily feed it the missed
 accounting records.

 I can do this with Radiator, but don't see a way to do it with FreeRADIUS.

 Thanks,
 Ray


Check out radrelay.  It comes with freeradius.


