Send Accounting from any point in configuration

Stefan A. a.freeradius at premit.de
Mon Jun 14 17:01:50 CEST 2010 

Thank you Alan,

 
> > The intended Flow:
> >
> > Packet comes in ...
> > - for Access type, check if user might be authenticated
> > - if OK, try to decide to send an Accounting packet to a Server on
> some
> > attributes (in my case, VSA from downstream RADIUS Proxy Server)
> 
>   Do you mean *create* an accounting packet, or forward *later*
> accounting packets for that session?

I mean *create* an Accounting Packet, if an Access Request comes in.
This is will be used to provision a HTTP Proxy Platform about the upcoming
isage of an IP address.
Normally, it can be done using the AcctPacket, coming from the NAS, but in
our current case, the HTTP Proxy Platform has problems to provision the
information inside and we figured, that the payload might hit the HTTP Proxy
before the MSISDN has been provisioned to the Proxy Process.

Tweaking this Access Request to Acct Start Packet will give some more ms.


> > As far as I understood, the proxy module does
> > - (only) proxy based on realm
> > - in proxy module, normal local Logfiles won't be used
> 
>   That's not true.  You can proxy based on anything you want.  See
> raddb/proxy.conf for documentation.

Sorry, that I'm missing something.

I will have to check any Accounting Packet for some Attributes/Values.
If a packet matches, it has to be proxied to a destination RADIUS Server.

For instance:
	if
        NAS-IP-Address = 10.10.19.173
        Called-Station-Id = "apn1.isp.de"
        Acct-Status-Type =* ""
	Then proxy to 10.200.1.1

	if
        NAS-IP-Address = 10.10.18.120
        Called-Station-Id = "apn1.isp.de"
        Acct-Status-Type =* ""
	Then proxy to 10.200.100.100

	else 
		do not proxy

In that case, I have to check the attributes to decide, to which RADISU
Server I have to send the packets.

I found the section in the proxy.conf:

#  rlm_realm").  To manually proxy the request put this entry in the
#  "users" file:
#
#
#DEFAULT	Proxy-To-Realm := "realm_name"
#


Does it mean, that the lines un users file will do the work?
DEFAULT	        NAS-IP-Address = 10.10.19.173, Called-Station-Id =
"apn1.isp.de", Acct-Status-Type =* "", Proxy-To-Realm := "destination1"
DEFAULT	        NAS-IP-Address = 10.10.18.120, Called-Station-Id =
"apn1.isp.de", Acct-Status-Type =* "", Proxy-To-Realm := "destination2"


Is manual proxying in unlang possible, using sites-available/default ?



> 
>   You can proxy *and* log to detail files.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list