radrelay: cross-replication of accounting records between two redundant freeradius servers
Arch Mangle
archmangle at gmail.com
Sun Dec 18 11:31:18 CET 2011
Hi Alan

On Sat, Dec 17, 2011 at 3:47 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Arch Mangle wrote:
> > I've got radrelay replicating accounting packets from a primary radius
> > server to a secondary radius server. The secondary radius server is
> > capable of handling radius accounting/auth requests if NASes cannot
> > reach the primary or the primary fails.
> ...
> > However, when I test sending accounting packets to the secondary, the
> > two systems go into some kind of circular loop, neither being smart
> > enough to recognise a replicated auth packet when it sees one :-)
>
> You're replicating authentication packets?
>
>

Sorry, mis-type! Accounting only.

> In any case... loops are simple to avoid. You don't proxy ALL packets
> back & forth. You only proxy the ones that came from real clients. You
> DON'T proxy ones which came from the other server.
>
>

Agreed. So my question would be: how do I only proxy packets from real
clients, not ones from the other server?

> > My question is, how would I configure two-way replication in a scenario
> > like this, without the loops?
>
> I'm presuming you're writing the accounting packets to the detail
> file, and then using radrelay to read that, and send them to the other
> server.
>
>

That's what I'm doing.

> When you write to the detail file, make it conditional, on the IP
> address of the source of the packet:
>
>
>     if (Packet-Src-IP-Address != 1.2.3.4) {
>         detail
>     }
>
> Where "1.2.3.4" is the IP of the other server.
>
>

Thanks Alan, this works :-)

> Alan DeKok.
>
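
The loop and the fix discussed in this thread, modeled as a small Python simulation (an added example, not code from the posters or from FreeRADIUS). The addresses, the `replicate` function and the delivery cap are assumptions made for illustration.

```python
from collections import deque

# Constructed addresses: two redundant servers and one NAS (all hypothetical).
SERVER_A, SERVER_B, NAS = "10.0.0.1", "10.0.0.2", "192.0.2.10"
PEER = {SERVER_A: SERVER_B, SERVER_B: SERVER_A}


def replicate(first_server, filter_peer, max_deliveries=20):
    """Deliver one accounting record from the NAS and follow it through radrelay.

    Returns (deliveries, stored): how many packets were handled in total and
    which servers ended up holding the record. max_deliveries is a safety cap
    so that the unfiltered loop terminates in this model.
    """
    stored = set()
    deliveries = 0
    # Each queue entry is (receiving server, Packet-Src-IP-Address).
    queue = deque([(first_server, NAS)])
    while queue and deliveries < max_deliveries:
        server, src_ip = queue.popleft()
        deliveries += 1
        stored.add(server)  # the record is accounted locally either way
        # Models: if (Packet-Src-IP-Address != <peer>) { detail }
        write_detail = not (filter_peer and src_ip == PEER[server])
        if write_detail:
            # radrelay reads the detail file and sends the record to the peer,
            # so the peer sees this server's address as the packet source.
            queue.append((PEER[server], server))
    return deliveries, stored


if __name__ == "__main__":
    for first in (SERVER_A, SERVER_B):
        for filtered in (False, True):
            n, held = replicate(first, filtered)
            print(f"first={first} filter={filtered}: "
                  f"{n} deliveries, stored on {sorted(held)}")
```

With the filter on, a record from the NAS is handled exactly twice (once per server) whichever server receives it first; without it, the record bounces until the cap is hit.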