Decoupled accounting

Kanwar Ranbir Sandhu m3freak at thesandhufamily.ca
Thu Jul 30 19:29:21 CEST 2009


On Wed, 2009-07-29 at 13:23 -0400, Kanwar Ranbir Sandhu wrote:
> I'm using freeradius 2.1.6 and want to move to decoupled accounting.  I
> understand the example configs, but one question I still have is this:
> do I have to have preacct and accounting sections in my
> "virtual.blah.com" file (very similar to the default file) which is in
> the sites-enabled dir, even though I will have preacct and accounting
> sections in the decoupled-accounting file?

Maybe I should post my configs.  So, here's the existing virtual server
I'm using (/etc/raddb/sites-enabled/virtual.blah.com):

server blah {
	#
	# Listen / socket config
	# 
	listen {
		ipaddr = 1.1.1.1
		port = 0
		interface = eth0
		type = auth
	}
	listen {
		ipaddr = 1.1.1.2
		port = 0
		interface = eth0
		type = acct
	}
	#
	# Clients
	#
	client agas1 {
		ipaddr          = 2.2.2.1
		secret          = secret
		nastype         = other
		require_message_authenticator = no
	}
	client agas2 {
		ipaddr          = 2.2.2.2
		secret          = secret
		nastype         = other
		require_message_authenticator = no
	}
	#
	# Authorization
	#
	authorize {
		preprocess
		update request {
			Huntgroup-Name := "%{sql:select groupname from radhuntgroup where nasipaddress=\"%{NAS-IP-Address}\"}"
		}
		chap
		mschap
		suffix
		eap {
			ok = return
		}
		sql
		expiration
		logintime
		pap
	}
	#
	# Authentication.
	#
	authenticate {
		Auth-Type PAP {
			pap
		}
		Auth-Type CHAP {
			chap
		}
		Auth-Type MS-CHAP {
			mschap
		}
		eap
	}
	#
	# Pre-accounting.  Decide which accounting type to use.
	#
	preacct {
		preprocess
		acct_unique
		suffix
	}
	#
	# Accounting.  Log the accounting data.
	#
	accounting {	
		sqlippool
		sql
		attr_filter.accounting_response
	}
	session {
		sql
	}
	#
	# Post-Authentication
	#
	post-auth {
		sqlippool
		sql
		exec
		Post-Auth-Type REJECT {
			attr_filter.access_reject
		}
	}

	pre-proxy {
	}

	post-proxy {
		eap
	}
}


And here's the decoupled-accounting file I want to use:

server write_detail.blah.com {
	accounting {
		detail.blah.com
	}
}

server read_detail.detail.blah.com {
	listen {
		type = detail
		filename = "${radacctdir}/detail.blah.com/detail-*:*"
		load_factor = 10
	}
	#
	#  Pre-accounting.  Decide which accounting type to use.
	#
	preacct {
		preprocess
		acct_unique
		suffix
	}
	#
	#  Accounting.  Log the accounting data.
	#
	accounting {
		sqlippool
		sql
		attr_filter.accounting_response
	}
}

As you can see, decoupled-accounting has the same preacct and accounting
sections that virtual.blah.com has.  So, would I need them in both, or
is it enough to just have preacct and accounting in the
decoupled-accounting file?  In my mind, it doesn't make sense to put the
same config in two different virtual servers when one of them is calling
the other directly anyway.  I could be wrong...like many times
before. :)

Regards,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux 
12:27:16 up 6 days, 3:54, 4 users, load average: 1.34, 1.30, 1.18 




