FreeRadius 2.0 Radrelay to multiple servers?

Alan Dekok aland at deployingradius.com
Tue May 15 18:12:44 CEST 2007


Brian Walters wrote:
> In the new 2.0 release it appears that we are using the proxy.conf to
> tell radiusd -n radrelay where to send  those packets. Wouldn't I need
> to set up a separate proxy.conf with a DEFAULT entry in order to send
> ALL realm acct packets to my two other servers as described above
> otherwise it would seem the packets would try to forward to the ISP
> customer again instead of my own servers? 
> 
> How do I get it to send the data to both servers in a server_pool like I
> did with the old radrelay:  3->1 & 3->2. 

  You write the accounting data to 2 files, and have the "detail" file
reader read both files.  You can set the "identity" field of the
"listen" section to two different values:

listen {
	filename = detail-1
	identity = detail-1
}

listen {
	filename = detail-2
	identity = detail-2
}

  Then, in the "acct_users" file, do:

DEFAULT Server-Identity == "detail-1", Proxy-To-Realm := "1"

DEFAULT Server-Identity == "detail-2", Proxy-To-Realm := "2"

  Be warned, the new radrelay functionality is in flux, and isn't really
ready for production use.  The intent of -pre1 is to get the *rest* of
the server tested.

  You should also put the server identity into a RADIUS attribute, so
that you can catch cycles in the proxying, and mark the request so that
it *doesn't* go into the detail file that's supposed to be proxied to
that server.

  This isn't finalized right now, but should be before 2.0.0 is
released.  The goal is to make all of this automatic, so it "just works".

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list