FreeRadius radrelay and proxying the Realm attribute to the home_server

Arch Mangle archmangle at gmail.com
Fri Dec 16 20:53:15 CET 2011 

Hi Matthew

Thanks for your response. This turns out to be exactly the configuration I
needed! I've tested it successfully on a failover pair of servers each
replicating accounting packets to each other using radrelay.

Many thanks!
Arch


On Fri, Dec 16, 2011 at 6:17 PM, Matthew Newton <mcn4 at leicester.ac.uk>wrote:

> Hi,
>
> On Fri, Dec 16, 2011 at 03:52:39PM +0200, Arch Mangle wrote:
> > I have a working radrelay configuration running on FreeRADIUS Version
> > 2.1.10 for debian linux (squeeze/sid). It successfully duplicates radius
> > accounting packets from the detail file to the remote server. However, I
> > see that the "Realm" Attribute, while logged in the detail file of the
> > local system, is not written to the radrelay detail file and proxied to
> my
> > remote server.
>
> Realm appears in dictionary.freeradius.internal as an internal
> attribute, i.e. one that doesn't go out on the wire.
>
> > For easing my particular process of radius accounting/billing, I'd like
> to
> > have this attribute written to the radrelay detail file in addition to
> that
> > of the local server. How would I accomplish this ?
>
> I did it by adding my own attribute to the local dictionary file
> (e.g. /etc/freeradius/dictionary). I added a new vendor (using our
> IANA enterprise number) with a new attribute:
>
> VENDOR          Leicester               3385
> BEGIN-VENDOR    Leicester
> ...
> ATTRIBUTE       UoL-Log-Realm                   4       string
> ...
> END-VENDOR      Leicester
>
> (Use your own vendor/attribute names/numbers.)
>
> Then in preacct I do:
>
>        update request {
>                UoL-Log-Realm := "%{Realm}"
>        }
>
> Remember that you'll need the dictionary set on both servers, and that it
> will
> arrive in the relayed packet as your named attribute, not as 'Realm'.
>
> (Of course, there may be a better way to do it, but that works for us.)
>
> Cheers,
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Architect (UNIX and Networks), Network Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111216/00bea800/attachment.html>

More information about the Freeradius-Users mailing list