Proxy to multiple servers in FR 2.1.7

Alan DeKok aland at deployingradius.com
Fri Nov 13 10:54:13 CET 2009


Patric wrote:
> Thanks for you response. I have tried to implement this but Im going
> wrong somewhere. Below I will show my configuration, then the debug that
> shows what the server is doing.
...
> sites-enabled/copy-acct-to-home-server:
> ---------------------------------------
> 
> server copy-acct-to-home-server {

  OK, that's fine.

> So now there is already a home_server_pool assigned to the default
> realm, but I continue and create a home_server entry for server B
...
> sites-enabled/copy-acct-to-server-B:
> ---------------------------------------
> 
> server copy-acct-to-home-server {

  Uh... you have TWO virtual servers with the same name.  This isn't
allowed.  And this config isn't the same as what's shown in the debug log.

  Can you explain why you're posting WRONG configurations?  It's not
like we can't notice.

> Now I fire up radiusd in debug mode and send a test packet to the server
> to see what it does. As the debug shows, it gets the packet, writes it
> to the detail-combined2. Then the listener copy-acct-to-server-B picks
> up the detail-combined2 and processes it, but instead of sending to
> server B its sending to server A

  Because the config you posted isn't the config you're running.

> detail_recv: Read packet from /var/log/radius/radacct/detail-combined.work
>        User-Name = "user at realm"
> Fri Nov 13 09:19:59 2009 : Info: server copy-acct-to-server-A {
> Fri Nov 13 09:19:59 2009 : Info: +- entering group preacct {...}
> Fri Nov 13 09:19:59 2009 : Info: [suffix] Looking up realm "realm" for
> User-Name = "user at realm"

  Where did this come from?  There's no "preacct" section in the config
you posted, and there's no "suffix" module, either.

...
> You can see from the line above that it is sending this request to
> server A as well. This is where Im getting stuck :(

  Because that's what you told it to do.  Your config is telling it to
proxy BOTH requests to the "DEFAULT" realm.  And it does so.  The debug
log clearly shows this.

  If you want the requests to be proxied to a DIFFERENT location, you
will need to set the "Proxy-To-Realm" attribute manually.   i.e.

server a {
  preacct {
    update control {
      Proxy-To-Realm := "realm for home server A"
    }
  }
}

  And do the same thing for B.  And configure two realms, too.

  Alan Dekok.



More information about the Freeradius-Users mailing list