Can FreeRADIUS proxy accounting requests to multiple systems?

Sylvain Robitaille syl at alcor.concordia.ca
Fri Jun 13 14:57:22 CEST 2008 

On Thu, 12 Jun 2008, Alan DeKok wrote:

>> I'm looking to have both of these systems proxy incoming accounting
>> data to each other, ...
>
>  That should be easy.  See the "detail" file readers in
> raddb/sites-available/copy-acct-to-home-server.

Ok.  I've been looking in the right place for that.

>> I'd also like to have them proxy the accounting data to a third
>> system (commercial "appliance" type of system, though I understand
>> that it does use FreeRADIUS as its RADIUS server) ...
>
> It's one of 3 products, all of which are (so far as I know) years out
> of date in their version of FreeRADIUS.

It's not as bad as you think:

    radiusd: FreeRADIUS Version 1.1.6, for host i686-redhat-linux-gnu, built on Sep 26 2007 at 13:14:25
    Copyright (C) 2000-2007 The FreeRADIUS server project.
    ...

It's not FreeRADIUS-2.x, but it's also not "years" out of date.  :-) I'm
sure it's good enough to receive accounting-request data, and process
them as intended. (no need for it to proxy back to "my" RADIUS servers
as I intend that they'll already be proxying between each other.)

>> ... (... I expect that the NMS would get from each RADIUS server only
>> accounting-request packets that weren't already proxied from the
>> partner RADIUS server, to avoid it receiving duplicate data).
>
> That can be done.  You just have to set it up carefully.  If all else
> fails, add attributes to the accounting packet saying where it was
> proxied to, and then don't re-proxy it there...

Brilliant!  Thanks for that.

> You will need two versions of "copy-acct-to-home-server", one for each
> destination.

Ok, that helps clarify things already.

> Set up one first and get it working.  Then set up another one and get
> it working.

Agreed.

> Then, ensure that requests sent to one server don't end up getting
> proxied through 2 other servers back to itself.

Right.  The NMS "thing" won't be proxying back to the other two anyway,
but I do want to be sure those two don't create a proxying loop ...

-- 
----------------------------------------------------------------------
Sylvain Robitaille                              syl at alcor.concordia.ca

Systems and Network analyst                       Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------

More information about the Freeradius-Users mailing list