Proxy to multiple servers in FR 2.1.7

Fri Nov 13 11:28:30 CET 2009

Hi Alan,

Thanks for responding,

>> So now there is already a home_server_pool assigned to the default
>> realm, but I continue and create a home_server entry for server B
>>     
> ...
>   
>> sites-enabled/copy-acct-to-server-B:
>> ---------------------------------------
>>
>> server copy-acct-to-home-server {
>>     
>
>   Uh... you have TWO virtual servers with the same name.  This isn't
> allowed.  And this config isn't the same as what's shown in the debug log.
>
>   Can you explain why you're posting WRONG configurations?  It's not
> like we can't notice.
>
>   
Sorry, I didnt clarify properly - I _repeated_ my original 
configuration, this time including the changes I had made.

So right now my entire proxy.conf looks as follows:

proxy server {
        default_fallback = no
}

home_server copy-acct-to-server-A {
        type = acct
        ipaddr = server_A
        port = 1813
        secret = secret
}

home_server copy-acct-to-server-B {
        type = acct
        ipaddr = server_B
        port = 1813
        secret = secret
}

home_server_pool my_acct_failover {
        home_server = copy-acct-to-server-A
}

realm DEFAULT {
        acct_pool       = my_acct_failover
        nostrip
}

>
>> detail_recv: Read packet from /var/log/radius/radacct/detail-combined.work
>>        User-Name = "user at realm"
>> Fri Nov 13 09:19:59 2009 : Info: server copy-acct-to-server-A {
>> Fri Nov 13 09:19:59 2009 : Info: +- entering group preacct {...}
>> Fri Nov 13 09:19:59 2009 : Info: [suffix] Looking up realm "realm" for
>> User-Name = "user at realm"
>>     
>
>   Where did this come from?  There's no "preacct" section in the config
> you posted, and there's no "suffix" module, either.
>   
I had attempted to only include relevant sections of my configuration in 
an attempt to keep it short and readable, but perhaps this has confused 
the issue more than helped, my apologies.

>> You can see from the line above that it is sending this request to
>> server A as well. This is where Im getting stuck :(
>>     
>
>   Because that's what you told it to do.  Your config is telling it to
> proxy BOTH requests to the "DEFAULT" realm.  And it does so.  The debug
> log clearly shows this.
>
>   If you want the requests to be proxied to a DIFFERENT location, you
> will need to set the "Proxy-To-Realm" attribute manually.   i.e.
>
> server a {
>   preacct {
>     update control {
>       Proxy-To-Realm := "realm for home server A"
>     }
>   }
> }
>
>   And do the same thing for B.  And configure two realms, too.
>   
YES! This is where Im getting lost :) Maybe I am misunderstanding the 
word "realm".
All my requests are for a single realm, eg user@"patric.com". This was 
the reason I used the "DEFAULT" realm... It occurs to me now that 
perhaps in the config file the word "realm" does not refer to my domain, 
but instead are names I give to servers A and B? Or am I completely off 
track?

Ok, so is it possible for me to create a realm for server A and another 
realm for server B, but both are processing "user at patric.com" ? If so 
please could you point me to some docs that might help me understand 
how, clearly Im missing or not understanding something *bangs head on wall*

Thanks for your patience and time!
Patric