Proxy state attribute in accounting
Waqas Toor
waqasnasirtoor at gmail.com
Mon Apr 18 08:06:22 CEST 2011
On Sat, Apr 16, 2011 at 9:19 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Waqas Toor wrote:
>> Yes, Understood, Can I can limit those proxy-state attributes to lets
>> say 100 attributes only.
>> Because the other server is complaining about possible DoS attacks.
>
> <sigh> It would have been useful for you to say that at the beginning.
>
> If there are 100 Proxy-State attributes, it's likely because you
> screwed up proxying somewhere. It makes *no* sense to proxy packets
> through 100 servers.
Ok here is my robust-example-accounting that I am using for proxy
==============================================================
home_server home1.example.com {
type = acct
ipaddr = 10.1.67.37
port = 1813
secret = free-rad512
# Mark this home server alive ONLY when it starts being responsive
status_check = request
username = "test_user_status_check"
response_window = 6
}
home_server home2.example.com {
type = acct
ipaddr = 10.1.67.28
port = 1813
secret = free-rad512
# Mark this home server alive ONLY when it starts being responsive
status_check = request
username = "test_user_status_check"
response_window = 6
}
home_server acct_detail.example.com {
virtual_server = acct_detail.example.com
}
home_server_pool acct_pool.example.com {
type = load-balance # other types are OK, too.
home_server = home1.example.com
home_server = home2.example.com
fallback = acct_detail.example.com
virtual_server = home.example.com
}
realm test_cpe.com{
acct_pool = acct_pool.example.com
nostrip
}
server acct_detail.example.com {
accounting {
detail.example.com
}
}
server home.example.com {
pre-proxy {
}
post-proxy {
Post-Proxy-Type Fail {
detail.example.com
}
}
listen {
type = detail
filename = "${radacctdir}/detail.example.com/detail-*:*"
load_factor = 10
}
accounting {
update control {
Proxy-To-Realm := "test_cpe.com"
}
}
}
================================================
It works fine, but when one of the server goes down of a long period,
It sends a lot of proxy state attributes.
Regards
Waqas
More information about the Freeradius-Users
mailing list