simple accounting proxy setup.

Tue Oct 2 18:37:31 CEST 2012

Matthew,

Thanks for the detailed followup. I made all your suggested changes,
but I'm a little uncertain about the changes to the proxy.conf file.

Here is what I added in proxy.conf:

home_server myhomeserver {
        type = acct
        ipaddr = xxx.xxx.xxx.xxx
        port = 1813
        secret = ??????
}

home_server_pool poolit {
        home_server = myhomeserver
        virtual_server = copy-acct-to-home-server
        type = fail-over
}

realm home_realm {
        acct_pool = poolit
}

Is this right?

Bill

On 10/2/2012 2:58 AM, Matthew Newton wrote:
> Hi,
> 
> On Mon, Oct 01, 2012 at 07:14:05PM -0500, Bill Schoolfield wrote:
>> In keeping with recommended practice, I have modified very little.
> 
> That's good. For this purpose, you can actually cut out quite a
> lot - but make sure you've got your config in version control
> (e.g. git) before you start so that you can easily backtrack if
> things go wrong.
> 
>> I edited the proxy.conf file and enabled the
>> copy-acct-to-home-server server. What else do I need to do?
>> Could someone provide a working example configuration? I'm a
>> little shaky on the realm processing.  Perhaps that's the issue.
> 
> copy-acct-to-home-server reads a detail file and pushes the
> "packets" into a virtual server for processing. So you need to
> write to a detail file for it to read. From your debug output it
> looks like you're using the standard configuration for 'detail',
> which won't be where copy-acct-to-home-server expects to read it
> from.
> 
> Try something like
> 
> modules/relay_detail:
> 
> detail relay_detail {
>   detailfile = ${radacctdir}/relay-detail
> }
> 
> sites-enabled/default:
> 
> ...
> accounting {
>   relay_detail
> }
> ...
> 
> 
> That should get all accounting packets buffered to
> ${radacctdir}/relay-detail. Then you need to read them and forward
> them on, so -
> 
> sites-enabled/copy-acct-to-home-server:
> 
> server copy-acct-to-home-server {
>   listen {
>     type = detail
>     filename =  ${radacctdir}/relay-detail
>   }
>   preacct {
>     update control {
>       Proxy-To-Realm := 'home_realm'
>     }
>   }
>   accounting {
>     ok
>   }
> }
> 
> 
> Then make sure your proxy.conf is configured with realm home_realm
> correctly.
> 
> proxy.conf:
> 
> realm home_realm {
>   ...
> }
> 
> 
> This should all write accounting packets to the local detail file,
> then read them and send them over to the home server. If the home
> server is down, they will buffer up on this system until the home
> server comes back again. That should mean you don't drop any logs.
> 
> Run radiusd -X and watch the output. You should see packets coming
> in (like your original post), but you should also see the detail
> reader wake up every second or so and check for packets to relay.
> If you're not seeing that, then you haven't enabled
> copy-acct-to-home-server correctly. You should then see that pick
> up packets and process them.
> 
> Cheers,
> 
> Matthew
> 
> 