simple accounting proxy setup.

Matthew Newton mcn4 at leicester.ac.uk
Tue Oct 2 09:58:01 CEST 2012


Hi,

On Mon, Oct 01, 2012 at 07:14:05PM -0500, Bill Schoolfield wrote:
> In keeping with recommended practice, I have modified very little.

That's good. For this purpose, you can actually cut out quite a
lot - but make sure you've got your config in version control
(e.g. git) before you start so that you can easily backtrack if
things go wrong.

> I edited the proxy.conf file and enabled the
> copy-acct-to-home-server server. What else do I need to do?
> Could someone provide a working example configuration? I'm a
> little shaky on the realm processing.  Perhaps that's the issue.

copy-acct-to-home-server reads a detail file and pushes the
"packets" into a virtual server for processing. So you need to
write to a detail file for it to read. From your debug output it
looks like you're using the standard configuration for 'detail',
which won't be where copy-acct-to-home-server expects to read it
from.

Try something like

modules/relay_detail:

detail relay_detail {
  detailfile = ${radacctdir}/relay-detail
}

sites-enabled/default:

...
accounting {
  relay_detail
}
...


That should get all accounting packets buffered to
${radacctdir}/relay-detail. Then you need to read them and forward
them on, so -

sites-enabled/copy-acct-to-home-server:

server copy-acct-to-home-server {
  listen {
    type = detail
    filename = ${radacctdir}/relay-detail
  }
  preacct {
    update control {
      Proxy-To-Realm := 'home_realm'
    }
  }
  accounting {
    ok
  }
}


Then make sure your proxy.conf is configured with realm home_realm
correctly.

proxy.conf:

realm home_realm {
  ...
}


This should all write accounting packets to the local detail file,
then read them and send them over to the home server. If the home
server is down, they will buffer up on this system until the home
server comes back again. That should mean you don't drop any logs.

Run radiusd -X and watch the output. You should see packets coming
in (like your original post), but you should also see the detail
reader wake up every second or so and check for packets to relay.
If you're not seeing that, then you haven't enabled
copy-acct-to-home-server correctly. You should then see that pick
up packets and process them.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
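
Added example, not part of the original message and not FreeRADIUS code: a static check for the mismatch described above, where the detail listener reads a file that no detail instance called from an accounting section writes. The function names and sample configs are constructed for illustration; paths are compared as unexpanded strings, and the parser assumes one statement per line.

```python
# Added example (not FreeRADIUS code): minimal block parser, one statement per line.
def parse_blocks(text):
    stack, done = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append({"head": line[:-1].split(), "set": {}, "calls": []})
        elif line == "}" and stack:
            done.append(stack.pop())
        elif stack and "=" in line:
            key, value = line.split("=", 1)
            stack[-1]["set"][key.strip()] = value.strip()
        elif stack and line:
            stack[-1]["calls"].append(line)  # bare word, e.g. a module call
    return done

def unfed_listeners(text):
    """Files read by `type = detail` listeners that no called detail instance writes."""
    blocks = parse_blocks(text)
    called = {c for b in blocks if b["head"] == ["accounting"] for c in b["calls"]}
    written = {b["set"]["detailfile"] for b in blocks if b["head"][:1] == ["detail"]
               and b["head"][-1] in called and "detailfile" in b["set"]}
    return [b["set"].get("filename") for b in blocks if b["head"] == ["listen"]
            and b["set"].get("type") == "detail" and b["set"].get("filename") not in written]

# Constructed sample configs; the per-client path stands in for a stock 'detail' setup.
LISTENER = """
server copy-acct-to-home-server {
  listen {
    type = detail
    filename = ${radacctdir}/relay-detail
  }
}
"""
STOCK = LISTENER + """
detail {
  detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
}
accounting {
  detail
}
"""
FIXED = LISTENER + """
detail relay_detail {
  detailfile = ${radacctdir}/relay-detail
}
accounting {
  relay_detail
}
"""
```

unfed_listeners(STOCK) reports the relay-detail file as having no writer, while unfed_listeners(FIXED) returns an empty list. Defining relay_detail without calling it in an accounting section is also reported.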


More information about the Freeradius-Users mailing list