Setting up a virtual server to handle incoming proxied requests

Patric patricrt at gmail.com
Fri Sep 25 10:47:42 CEST 2009 

Hi again all :)

I have a primary and secondary server, each of which receive accounting 
requests from multiple NAS servers.
Both my servers proxy these requests to each other to stay in sync.

I would like to setup a virtual server on my secondary to handle the 
incoming proxy requests from the primary.
My secondary is running freeradius 2.1.3

I have read the sites-available/README documentation and have a few 
questions.

First I include my current configuration for your consideration.

radiusd.conf
------------

listen {
        ipaddr = *
        port   = 0    # Use /etc/services for ports
        type   = auth
}

listen {
        ipaddr = *
        port   = 0    # Use /etc/services for ports
        type   = acct
}

proxy_requests  = yes
$INCLUDE proxy.conf
...


clients.conf
------------
Nothing


proxy.conf
----------

home_server copy-acct-to-home-server {
        type = acct
        ipaddr = primary_server_ip
        port = 1813
        secret = shared_key
        response_window = 20
        zombie_period = 40
        revive_interval = 120
}

home_server_pool my_acct_failover {
        home_server = copy-acct-to-home-server
}

realm DEFAULT {
        acct_pool = my_acct_failover
        nostrip
}


Currently my clients reside in the nas table in my database.


With the above config I have listen sections for auth and acct.
Do I understand the documentation correctly if I add this to the above 
existing config:


client primary_server {
        ipaddr                        = primary_server_ip
        secret                        = shared_secret
        require_message_authenticator = no
        nastype                       = other
        virtual_server                = requests_from_primary
}


server requests_from_primary {
    listen {
        ipaddr = *
        port   = 0
        type   = acct
    }

    proxy_requests = no   # Can this be done here? If not how would I 
disable proxying for this virtual server?
                          # Do I just exclude my detail-radrelay in the 
accounting section?


    # Since this is just processing accounting requests do I still need 
to define the authorize, authenticate & other sections?


    preacct {
        preprocess
        acct_unique
    }

    accounting {
        detail
        sql
        # detail-radrelay - Exclude this so that these requests are not 
proxied?
    }
}


I *think* Im on the right track but would appreciate any pointers :)

Many thanks
Patric

More information about the Freeradius-Users mailing list