Problems with my radrelay configuration?
tonimanel
antoniofernandez at fabergames.com
Fri Oct 14 09:08:56 CEST 2011
Hi,
Yes I have written more. I have modified proxy.conf file with home_servers
configuration. This is its content:
# Global proxy behaviour for this server.
proxy server {
# presumably: with "no", a request whose realm-specific home servers are all
# unavailable is not handed to the DEFAULT realm as a fallback — confirm
# against the comments in the stock proxy.conf.
default_fallback = no
}
# Home server "radiusa": the upstream RADIUS peer at 192.168.1.129 that this
# proxy forwards requests to.
home_server radiusa {
# auth+acct: per the stock proxy.conf comments, Access-Requests are sent to
# "port" and Accounting-Requests to "port + 1" (1812 / 1813 here) — confirm
# for the installed version.
type = auth+acct
ipaddr = 192.168.1.129
port = 1812
# NOTE(review): "testing123" is the example shared secret from the FreeRADIUS
# sample configuration and is widely known. The shared secret is the only
# thing protecting packet integrity and the hidden User-Password on this
# link, so it should be replaced with a long random value, unique per peer,
# and redacted before a configuration is posted publicly.
secret = testing123
# NOTE(review): turns off the Message-Authenticator requirement for this
# peer. Combined with a guessable secret this leaves little integrity
# protection on the proxy link — confirm that "no" is intended.
require_message_authenticator = no
# Failure-detection timers, in seconds: how long to wait for a reply, how
# long the server stays "zombie" before being marked dead, and when a dead
# server is tried again.
response_window = 20
zombie_period = 40
revive_interval = 120
# Liveness probing with Status-Server packets every check_interval seconds;
# num_answers_to_alive replies are needed before the server counts as alive.
# The peer has to answer Status-Server for this to work.
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
# Retransmission timers for CoA packets sent to this home server (initial
# and maximum retransmit time, maximum count, maximum duration).
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
# Home server "radiusb": a second upstream peer at 192.168.1.130 with the
# same settings as radiusa.
# NOTE(review): no home_server_pool in the posted proxy.conf lists radiusb,
# so as posted it is defined but never used.
home_server radiusb{
# auth+acct: per the stock proxy.conf comments, authentication goes to
# "port" and accounting to "port + 1" — confirm for the installed version.
type=auth+acct
ipaddr = 192.168.1.130
port=1812
# NOTE(review): same widely known sample secret as radiusa. Use a distinct,
# long random secret per home server so that disclosure of one link does not
# expose the other, and redact it in public posts.
secret=testing123
# NOTE(review): Message-Authenticator is not required for this peer either;
# confirm that this is intended.
require_message_authenticator = no
# Failure-detection timers, in seconds.
response_window = 20
zombie_period = 40
revive_interval = 120
# Status-Server probes every 30 seconds; 3 replies mark the server alive.
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
# CoA retransmission timers.
coa{
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
# Pool used for proxied authentication (referenced by realm example.com).
# NOTE(review): the pool type is fail-over, but radiusa is its only member,
# so there is no second server to fail over to. radiusb is defined earlier
# in this file but is not listed in any pool.
home_server_pool my_auth_failover {
type = fail-over
home_server = radiusa
}
# Pool used for relayed accounting (referenced by realm relay_realm). It
# also contains only radiusa.
home_server_pool my_acct_relay {
type = fail-over
home_server = radiusa
}
# example.com: authentication for this realm is proxied through
# my_auth_failover. No acct_pool is configured for it.
realm example.com {
auth_pool = my_auth_failover
}
# relay_realm: accounting-only realm, proxied through my_acct_relay. The
# copy-acct-to-home-server virtual server selects it via Proxy-To-Realm.
realm relay_realm {
acct_pool = my_acct_relay
}
# LOCAL: declared without any pool. Per the stock proxy.conf comments a
# realm without a pool is handled by this server and not proxied — confirm.
realm LOCAL {
}
Also, I have modified the copy-acct-to-home-server file:
# Virtual server that reads accounting records from a detail file and
# proxies them to a home server.
server copy-acct-to-home-server {
listen {
type = detail
# NOTE(review): this listener reads ${radacctdir}/detail. The "detail"
# module posted on this page writes to
# ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d and detail_relay in
# radiusd.conf writes to ${radacctdir}/radacct/detail, so nothing shown here
# writes the file this listener reads. Writer and reader must name the same
# path.
filename = ${radacctdir}/detail
load_factor = 10
}
preacct {
# Records that already carry Proxy-State are assigned to realm LOCAL, which
# has no pool in the posted proxy.conf; presumably this is meant to stop a
# record that was proxied to this server from being proxied again.
if (Proxy-State){
update control{
Proxy-To-Realm := LOCAL
}
}
# Everything else is sent to relay_realm, i.e. the my_acct_relay pool.
else {
update control {
Proxy-To-Realm := relay_realm
}
}
preprocess
suffix
files
}
accounting {
# Returns "ok"; no local accounting module runs in this section.
ok
}
# Empty hooks: nothing is changed before proxying or after the reply.
pre-proxy {
}
post-proxy {
}
}
In sites-enabled I have created a symbolic link to copy-acct-to-home-server.
root at debian:/etc/freeradius/sites-enabled# ls -l
total 0
lrwxrwxrwx 1 root freerad 26 oct 4 18:54 default ->
../sites-available/default
lrwxrwxrwx 1 root freerad 43 oct 13 14:18 detail-relay ->
../sites-available/copy-acct-to-home-server
lrwxrwxrwx 1 root freerad 31 oct 4 18:54 inner-tunnel ->
../sites-available/inner-tunnel
In the modules directory I don't have a detail_relay file; should I have one?
This is the content of the detail file in the modules directory:
# Default "detail" module instance: writes accounting records to one file
# per client IP address per day.
detail {
# The file name changes with the client address and the date, so a detail
# listener with a fixed "filename" cannot follow the output of this
# instance.
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
# 0600: detail files are readable and writable by their owner only, which
# suits records holding user names, addresses and session data.
detailperm = 0600
# Each record starts with a timestamp line.
header = "%t"
}
My radrelay.conf file:
# radrelay.conf, global section: installation paths and request limits for
# the separate "radrelay" instance.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
# Expands to /var/log/freeradius/radacct.
radacctdir = ${logdir}/radacct
name = radrelay
confdir = ${raddbdir}
# Expands to /var/run/radrelay.
run_dir = ${localstatedir}/run/${name}
# NOTE(review): "@libdir@" is an unsubstituted build-time placeholder, so
# this file looks like an unprocessed template. The radiusd.conf posted on
# this page uses /usr/lib/freeradius.
libdir = @libdir@
pidfile = ${run_dir}/${name}.pid
# NOTE(review): no user/group is set in this file, unlike the posted
# radiusd.conf (freerad/freerad). Presumably the process keeps the
# privileges of whoever starts it — confirm that it does not run as root.
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
# Log to ${logdir}/radrelay.log.
log {
destination = files
file = ${logdir}/${name}.log
}
# Upper bound on the number of attributes accepted in one packet.
security {
max_attributes = 200
}
# Only the "always" module definitions are loaded for this instance.
modules {
$INCLUDE ${confdir}/modules/always
}
# Nothing is instantiated ahead of first use.
instantiate {
}
# Proxying is enabled; every record read by this instance is forwarded to
# the home server below.
proxy_requests = yes
home_server radrelay {
type = acct
ipaddr = 192.168.1.130
# NOTE(review): this is an accounting-only home server, yet it points at
# 1812, which is conventionally the authentication port; accounting is
# conventionally 1813. If 192.168.1.130 uses the default ports, these
# packets will not reach its accounting listener — confirm the port.
port = 1812
# NOTE(review): widely known sample shared secret. Replace it with a long
# random value and redact it before posting a configuration publicly.
secret = testing123
# Message-Authenticator is required on this link, unlike the home servers
# in the posted proxy.conf where it is set to "no".
require_message_authenticator = yes
}
# Single-member pool; fail-over has no second server to switch to.
home_server_pool radrelay {
type = fail-over
home_server = radrelay
}
# Accounting for realm "radrelay" goes to the pool above.
realm radrelay {
acct_pool = radrelay
}
# Detail-file reader: the source of the records that radrelay forwards.
listen {
type = detail
# radacctdir is already ${logdir}/radacct, so this expands to
# /var/log/freeradius/radacct/radacct/detail. That matches the detail_relay
# block in the posted radiusd.conf, but not the path read by
# copy-acct-to-home-server (${radacctdir}/detail).
filename = ${radacctdir}/radacct/detail
load_factor = 50
max_outstanding = 100
}
# Every record is unconditionally assigned to realm "radrelay".
preacct {
update control {
Proxy-To-Realm := "radrelay"
}
}
# No local accounting processing; records are only proxied.
accounting {
}
And radiusd.conf file:
# radiusd.conf, global section: installation paths, run-time identity and
# request limits for the main server.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
# Expands to /var/log/freeradius/radacct.
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
# The daemon runs as the unprivileged freerad user and group. Detail files
# and their directories must be accessible to this account.
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
# Authentication listener on every local address. Per the stock radiusd.conf
# comments, port = 0 means "take the port from /etc/services".
# NOTE(review): "*" binds all interfaces; exposure then depends entirely on
# clients.conf and any packet filtering in front of the server.
listen {
type = auth
ipaddr = *
port = 0
}
# Accounting listener, also on every address with the services-file port.
listen {
ipaddr = *
port = 0
type = acct
}
# No reverse DNS lookups and no core dumps (a core file could contain
# secrets held in memory).
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
# NOTE(review): with auth = no, authentication requests are not written to
# the log, so accepted and rejected logins leave no trail here for
# detection or incident response. Consider enabling it.
auth = no
# Keeping both password options at "no" keeps passwords out of the log.
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
# Upper bound on the number of attributes accepted in one packet.
max_attributes = 200
# Access-Reject replies are delayed by one second, which slows down
# password guessing.
reject_delay = 1
# The server answers Status-Server requests; the home_server blocks in the
# posted proxy.conf rely on their peers doing the same
# (status_check = status-server).
status_server = yes
}
# Proxying is enabled; home servers, pools and realms come from proxy.conf
# and the permitted clients and their secrets from clients.conf.
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
# Worker thread pool sizing. max_requests_per_server = 0 presumably means a
# worker is never recycled — confirm against the stock comments.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# NOTE(review): this populated detail_relay definition sits outside the
# modules { } section, while the instance declared inside modules { } below
# is empty. Presumably only the one inside modules { } is loaded, and it
# would then use the module's built-in defaults rather than these settings —
# confirm, and keep a single definition inside modules { }.
detail detail_relay {
# radacctdir is already ${logdir}/radacct, so this expands to
# /var/log/freeradius/radacct/radacct/detail. The radrelay.conf listener
# reads the same path; copy-acct-to-home-server reads ${radacctdir}/detail.
detailfile = ${radacctdir}/radacct/detail
# Files are owner-only (0600).
detailperm = 0600
# NOTE(review): 0755 lets every local user list and enter the accounting
# directories; a tighter mode such as 0750 fits records with user and
# session data.
dirperm = 0755
# Locking is enabled so that the writer and the detail reader do not use
# the file at the same time.
locking = yes
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
# Empty instance: none of the path, permission or locking settings from the
# block above appear here.
detail detail_relay{
}
}
# Modules loaded at start-up, in this order, before any section that
# references them.
instantiate {
exec
expr
expiration
logintime
}
# Policies and every virtual server linked in sites-enabled/ (default,
# detail-relay and inner-tunnel according to the directory listing above).
$INCLUDE policy.conf
$INCLUDE sites-enabled/
I have filtered the files with grep -v command to hide comments.
I look forward to your answers. Thanks and regards! If you need me to check
anything, please tell me.