Proxying accounting to create a 'tee'

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Aug 22 02:59:00 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/08/2009 21:15, John Morrissey wrote:
> On Sun, Aug 16, 2009 at 10:11:02AM +0200, Alan DeKok wrote:
>> volkov at ufamts.ru wrote:
>>> If home server does not respond, FR does not respond too -> NAS repeats
>>> request -> FR writes request data to SQL again.
>>
>>   So... configure the server to respond.  See the file
>> raddb/sites-available/decoupled-accounting
> 
> Is decoupled-accounting (writing all detail to disk and replaying it
> serialized with a detail listener) the only way to configure FreeRADIUS to
> respond to the NAS?
> 

Yes. Otherwise it'll wait for the response from the proxy server, and proxy the Accounting-Response from the proxy server back to the NAS. It's the only way the NAS could be sure the remote server
received the Accounting-Request.


> I'm adapting robust-proxy-accounting for our environment and can't figure
> out how (or if it's possible) to get FreeRADIUS to respond to the
> originating NAS when proxying fails and the detail is logged for later
> proxying.

Yep that's a good idea if the data is time critical, it also allows multiple requests to be forwarded in parallel.

> 
> Rejecting request 0 due to lack of any response from home server 66.133.129.108 port 1813
>   Found Post-Proxy-Type 
>  server buffered-radacct-dpi-proxy-tee {
> +- entering group Fail
>         expand: /var/log/freeradius/radacct/detail.dpi-proxy-tee -> /var/log/freeradius/radacct/detail.dpi-proxy-tee
> rlm_detail: /var/log/freeradius/radacct/detail.dpi-proxy-tee expands to /var/log/freeradius/radacct/detail.dpi-proxy-tee
>         expand: %t -> Fri Aug 21 20:10:39 2009
> rlm_detail: Freeradius-Proxied-To = 66.133.129.108
> ++[detail.dpi-proxy-tee] returns ok
>  }
> Finished request 0.
> Cleaning up request 0 ID 24 with timestamp +2
> Going to the next request
> WARNING: Marking home server 66.133.129.108 port 1813 as zombie (it looks like it is dead).
> Waking up in 0.8 seconds.
> 


- -Arran
- -- 
Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>,
Systems Administrator (AAA),
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqPQtQACgkQcaklux5oVKLLVQCbBlskWJ+Rut1Ibc3HjW8taA+H
+0MAniE6WHS8ica55UNXrpI6R2bXgMdx
=xja9
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list