Radrelay - Duplicate records...
Etienne Pretorius
etiennep at kingsley.co.za
Thu Sep 28 17:08:23 CEST 2006
Etienne Pretorius wrote:
> Hello List,
>
> I would like to know if it is possible to set up FreeRADIUS not to log
> accounting info from a specific server to the detail file and still
> log the accounting info into the local mysql database.
>
> Some background on the subject:
> I have recently taken over the maintenance of a couple of FreeRADIUS
> servers. I'll be frank, I am not an experienced FreeRADIUS admin, so
> my first priority was to get the accounting information synced at all
> times between our servers. After some searching I found a couple of
> documents and posts about radrelay and I have proceeded to set it up
> on the servers hoping to achieve a two-way accounting replication
> service.
>
> +-----------+                        +-----------+
> |  Primary  | <===================== | Secondary |
> |  RADIUS   | =====================> |  RADIUS   |
> +-----------+                        +-----------+
>
> As the documentation is quite brief - I assume everything is working
> fine. I kept my eye on the logs and started to see the following
> appearing.
> Wed Sep 27 17:37:45 2006 : Info: rlm_radutmp: Login entry for NAS <1> port 1090715896 duplicate
> Wed Sep 27 17:37:46 2006 : Info: rlm_radutmp: Login entry for NAS <1> port 1090716313 duplicate
>
> (Also please note that I am aware of record duplication coming from my
> upstream provider's RADIUS proxy)
>
> When I killed radrelay on the Secondary then everything was OK except
> I now only have a one-way replication happening. Looking at the sql
> tables showed that there are about double the amount of records on the
> primary than on the secondary for that time period.
>
> As I have little experience on configuring FreeRADIUS (We all have to
> start somewhere), I would greatly appreciate any help or comments
> about the subject at hand.
>
> Thank you.
> Etienne Pretorius
>
Just for those that might be interested,

After you get radrelay to sync one-way in both directions, you do the
following...

You configure the following in acct_users:

    # This Configuration prevents Accounting loops of a two-way radrelay sync
    # [o] Radrelay must be sending accounting info from IP(s) below
    #     on the other Radius server(s)
    DEFAULT Client-IP-Address != "<SECONDARY RADIUS IP>", Acct-type := "RADRELAY"

and then in radiusd.conf under 'preacct' you uncomment files like so:

    #
    # Read the 'acct_users' file
    files

and then under 'accounting' you configure the following:

    # If Acct-Type is RADRELAY then log to sql module AND to detail file
    # for radrelay - accounting sync daemon
    Acct-Type RADRELAY {
        radrelay
        sql
    }

This basically means that all accounting packets NOT from the SECONDARY
RADIUS server will have the sql module and the detail module applied to
them, while all other packets from the other clients will be processed
normally.

More info on the technique can be found under doc/Acct-Type.
Etienne Pretorius.
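
The replication loop and the effect of the acct_users rule above, as a small simulation. This is an added example, not part of the original post and not FreeRADIUS code; the IP addresses, session ids and the simplified model (sql runs for every packet, radrelay replays every detail-file entry to the peer) are assumptions.

```python
from collections import deque

# Constructed addresses (documentation ranges), not from the post.
PRIMARY, SECONDARY = "192.0.2.1", "192.0.2.2"
PEER = {PRIMARY: SECONDARY, SECONDARY: PRIMARY}


def simulate(loop_guard, nas_packets, max_hops=6):
    """Return {server_ip: [session ids written to that server's SQL]}.

    nas_packets: (server_ip, source_ip, session_id) tuples sent by NAS clients.
    loop_guard:  apply the acct_users rule on both servers, each naming its peer.
    max_hops:    cap that lets the unguarded loop terminate in this model.
    """
    sql = {PRIMARY: [], SECONDARY: []}
    queue = deque((srv, src, sid, 0) for srv, src, sid in nas_packets)
    while queue:
        server, source, sid, hops = queue.popleft()
        sql[server].append(sid)  # assumption: sql runs for every packet
        from_peer = source == PEER[server]
        # Guarded: only packets NOT from the peer get Acct-Type RADRELAY and
        # so reach the detail file that radrelay reads. Unguarded: all do.
        to_detail = (not from_peer) if loop_guard else True
        if to_detail and hops < max_hops:
            # radrelay replays the detail entry to the peer server
            queue.append((PEER[server], server, sid, hops + 1))
    return sql


def duplicate_rows(sql):
    """Count SQL rows beyond the first per (server, session)."""
    return sum(len(rows) - len(set(rows)) for rows in sql.values())


# Constructed sample: one NAS session arriving at each server.
SAMPLE = [(PRIMARY, "198.51.100.10", "sess-A"),
          (SECONDARY, "198.51.100.11", "sess-B")]

if __name__ == "__main__":
    for guard in (False, True):
        result = simulate(guard, SAMPLE)
        print("guard" if guard else "no guard", result,
              "duplicates:", duplicate_rows(result))
```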