Re: Saving missed accounting records.
Thor Spruyt [EMAIL PROTECTED] wrote: 2) I still have to relay the packets between the primary an backup proxyservers, which will then in turn still be relaying to the homeserver twice So on each proxying server, put the detail files from the *other* proxying server in a different place, where radrelay won't read them. #-- proxyA DEFAULT Client-IP-Address == ip.of.proxyB, Detail-Goop = proxyb, Proxy-To-Realm := Local #--- And in the configuration for the detail module, do: detailfile = ${radacctdir}/%{Detail-Goop}detail You'll have to define the Detail-Goop attribute, but that's not hard. You can then set radrelay on proxyA to NOT read that detail file, so it won't be copied to to the other server. And the Proxy-To-Realm attribute will ensure that the packet isn't sent to the home servers. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Saving missed accounting records.
Alan DeKok wrote: Thor Spruyt [EMAIL PROTECTED] wrote: It's a pitty, but radrelay can't be used for proxied packets. Reason is that if the packets are relayed to the backup server, the backup doesn't know it has already been proxied and will thus proxy it again. The homeserver should only receive the packet once of course! Can you suggest a fix? Well... I've given it some thinking and guess what... Suppose you have a realm with 2 homeservers for redundancy: realm NULL { type= radius authhost= 10.10.10.10:1812 accthost= 10.10.10.10:1813 secret = testing123 } realm NULL { type= radius authhost= 20.20.20.20:1812 accthost= 20.20.20.20:1813 secret = testing123 } Suppose the primary server receives an acct packets, and proxies it to 20.20.20.20:1813 Then Freeradius-Proxied-To = 20.20.20.20 will be added in the detail file and relayed to the backup server. Then the backup server will compare 20.20.20.20 with 10.10.10.10 and will again proxy the packet to the homeserver (10.10.10.10). Suggested solution 1: let the primary server add multiple Freeradius-Proxied-To attributes (one for each server configured for that realm) Suggested solution 2: let the backup server check the Freeradius-Proxied-To attribute against all servers configured for that realm Suggested solution 3: add a Freeradius-Proxied-Realm attribute, which the backup server could check against -- Regards, Thor Spruyt What if you just set it up so that it only proxied the auth to the home server and stored the accounting locally? Then you use radrelay to send all accounting packets over? realm NULL { type= radius authhost= 20.20.20.20:1812 accthost= LOCAL secret = testing123 } That could work, couldn't it? -Dusty Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Saving missed accounting records.
On Thu, 30 Dec 2004, Ray Van Dolson wrote: I'm proxying accounting requests to another Radius server. I'm also saving accounting records to a local detail file and to an SQL database. What I'd like to do is log--in a detail-style file (Livingston records), any accounting records that do *not* make it to my proxy'd Radius server. That way, if for some reason my main Radius server is down, I can easily feed it the missed accounting records. I can do this with Radiator, but don't see a way to do it with FreeRADIUS. Thanks, Ray Check out radrelay. It comes with freeradius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html