FreeRadius radrelay and proxying the Realm attribute to the home_server
Matthew Newton
mcn4 at leicester.ac.uk
Fri Dec 16 17:17:38 CET 2011
Hi,
On Fri, Dec 16, 2011 at 03:52:39PM +0200, Arch Mangle wrote:
> I have a working radrelay configuration running on FreeRADIUS Version
> 2.1.10 for debian linux (squeeze/sid). It successfully duplicates radius
> accounting packets from the detail file to the remote server. However, I
> see that the "Realm" Attribute, while logged in the detail file of the
> local system, is not written to the radrelay detail file and proxied to my
> remote server.
Realm appears in dictionary.freeradius.internal as an internal
attribute, i.e. one that doesn't go out on the wire.
> For easing my particular process of radius accounting/billing, I'd like to
> have this attribute written to the radrelay detail file in addition to that
> of the local server. How would I accomplish this ?
I did it by adding my own attribute to the local dictionary file
(e.g. /etc/freeradius/dictionary). I added a new vendor (using our
IANA enterprise number) with a new attribute:
VENDOR Leicester 3385
BEGIN-VENDOR Leicester
...
ATTRIBUTE UoL-Log-Realm 4 string
...
END-VENDOR Leicester
(Use your own vendor/attribute names/numbers.)
Then in preacct I do:
update request {
UoL-Log-Realm := "%{Realm}"
}
Remember that you'll need the dictionary set on both servers, and that it will
arrive in the relayed packet as your named attribute, not as 'Realm'.
(Of course, there may be a better way to do it, but that works for us.)
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list