FreeRADIUS Accounting data sync

Fajar A. Nugraha list at fajar.net
Wed Dec 14 11:38:42 CET 2011 

On Wed, Dec 14, 2011 at 5:15 PM, KatsuroKurosaki <joaquimsb89 at gmail.com> wrote:
> /[radutmp]      expand: /var/log/freeradius/radutmp ->
> /var/log/freeradius/radutmp
> [radutmp]       expand: %{User-Name} -> pruebas
> rlm_radutmp: Logout for NAS SurfLabs Phys port 2151677953, *but no Login
> record*
> ++[radutmp] returns ok/

Ah, the module that I always delete from the default config :D

As Alan said, if it doesn't create problem, you can ignore it.

>>> Detail listener /var/log/freeradius/radacct/detail state unopened
>>> signalled
>>> 0 waiting 1.085813 sec
>>> Waking up in 1.0 seconds.
>>
>> That is normal. It's because the server didn't receive any accounting
>> packets.
>>
>> What happens if you send accounting packet to server A now? does both
>> server A and B receive it?
>>
>
> No, only server A receives and processes it.

What I meant was, AFTER you enable copy-acct-to-home-server and stuff,
have you ACTUALLY send an accounting packet to server A? If yes, it
SHOULD display some things (like writing to a detail file), and then
there should be a log about READING the detail file, and then there's
something about it proxying the accounting to server B. Does all of
that happen? If not, which ones happen?

> I need some advices of how can I have all the Authorization, Authentication
> and Accounting data replicated to both servers (A and B), so one of them is
> the main server (Server A), and the other is the backup server (Server B) if
> server A fails (reboot machine for maintenance, no network connection,...),
> then server B starts processing requests, like server A was doing.

Somewhat complicated.

Short version: it's easiest if you have mysql cluster setup correctly.
But it's quite complicated, I recommend you hire an expert for that.

Long version:
There are many ways to do that. For authorization and accounting,
basically you need the same config and same data on both backend (e.g.
mysql). Sometimes it's easier to just sync the data (e.g. radcheck,
radreply) manually.

For accounting, what you're doing (copy-acct-to-home-server) is one
way to do that. The other way is to setup db cluster/replication.

-- 
Fajar

More information about the Freeradius-Users mailing list