FreeRADIUS Accounting data sync

Wed Dec 14 12:08:35 CET 2011

Alan DeKok-2 wrote
> 
> KatsuroKurosaki wrote:
>> I mean: while debugging ( /freeradius -X/ ) I have Server A as primary
>> and
>> server B as secondary (or back-up, fail-over,...). Then: I do a login
>> process, and Server A is running, I'm logged in with no problems, and
>> suddently server A fails (stopping the service). Then when I send the
>> logout
>> request, server A is dead, then the process is done by server B. But what
>> I
>> see on debug screen on server B, when I logout is this:
> 
>   Because the login record hasn't been sent from A to B.
> 

And this is what I'm trying to configure, server A send the packet to server
B, and vice-versa. Server A won't handle all requests, for example, if we
have 50 NASes, 25 will handle requests to server A and B as fail-over, and
the other 25 will handle requests to server B and use A as fail-over. That's
why I need all data replicated to both servers.

Alan DeKok-2 wrote
> 
>> /[radutmp] expand: /var/log/freeradius/radutmp ->
>> /var/log/freeradius/radutmp
>> [radutmp] expand: %{User-Name} -> pruebas
>> rlm_radutmp: Logout for NAS SurfLabs Phys port 2151677953, *but no Login
>> record*
>> ++[radutmp] returns ok/
> 
>   And what *problem* does this create? 
> 

Stale sessions in daloRADIUS. Also the attribute /Simultaneous-Use/ is used.

**********************************************************************

Fajar A. Nugraha-2 wrote
> 
> On Wed, Dec 14, 2011 at 5:15 PM, KatsuroKurosaki <joaquimsb89@>
> wrote:
>> /[radutmp]      expand: /var/log/freeradius/radutmp ->
>> /var/log/freeradius/radutmp
>> [radutmp]       expand: %{User-Name} -> pruebas
>> rlm_radutmp: Logout for NAS SurfLabs Phys port 2151677953, *but no Login
>> record*
>> ++[radutmp] returns ok/
> 
> Ah, the module that I always delete from the default config :D
> 
> As Alan said, if it doesn't create problem, you can ignore it.
> 

Fine, thanks. Module disabled and doesn't give any more problems, except
stale sessions in daloRADIUS.

Fajar A. Nugraha-2 wrote
> 
>>>> Detail listener /var/log/freeradius/radacct/detail state unopened
>>>> signalled
>>>> 0 waiting 1.085813 sec
>>>> Waking up in 1.0 seconds.
>>>
>>> That is normal. It's because the server didn't receive any accounting
>>> packets.
>>>
>>> What happens if you send accounting packet to server A now? does both
>>> server A and B receive it?
>>>
>>
>> No, only server A receives and processes it.
> 
> What I meant was, AFTER you enable copy-acct-to-home-server and stuff,
> have you ACTUALLY send an accounting packet to server A? If yes, it
> SHOULD display some things (like writing to a detail file), and then
> there should be a log about READING the detail file, and then there's
> something about it proxying the accounting to server B. Does all of
> that happen? If not, which ones happen?
> 

When I enable copy-acct-to-home-server, and I send requests, they are
processed correctly, saving it to the detail file, but on server B, I don't
receive the request, to have both servers synced. Also it shows, with
no-end, those lines on the screen:
/
Detail listener /var/log/freeradius/radacct/detail state replied signalled 0
waiting 0.000450 sec
Detail - unlinking /var/log/freeradius/radacct/detail.work
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.077625 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.854780 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.913774 sec
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.820318 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.035776 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 0.824664 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.043415 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.090784 sec
Waking up in 1.0 seconds.
^C
/
Is this behaviour normal?

Fajar A. Nugraha-2 wrote
> 
>> I need some advices of how can I have all the Authorization,
>> Authentication
>> and Accounting data replicated to both servers (A and B), so one of them
>> is
>> the main server (Server A), and the other is the backup server (Server B)
>> if
>> server A fails (reboot machine for maintenance, no network
>> connection,...),
>> then server B starts processing requests, like server A was doing.
> 
> Somewhat complicated.
> 
> Short version: it's easiest if you have mysql cluster setup correctly.
> But it's quite complicated, I recommend you hire an expert for that.
> 
> Long version:
> There are many ways to do that. For authorization and accounting,
> basically you need the same config and same data on both backend (e.g.
> mysql). Sometimes it's easier to just sync the data (e.g. radcheck,
> radreply) manually.
> 
> For accounting, what you're doing (copy-acct-to-home-server) is one
> way to do that. The other way is to setup db cluster/replication.
> 

I use MySQL, but it is in server C, and FreeRADIUS are on Server A and B,
and both FreeRADIUS point to the same DB, via LAN.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Accounting-data-sync-tp5071166p5074196.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.