Configuring Freeradius to keep a local copy of accounting records and send a copy to a remote server

Tue Jul 24 12:52:23 CEST 2018

On Jul 23, 2018, at 10:27 PM, Frank Godek <godek at workstationgroup.com> wrote:
> I've used Radius for many, many years but have not had to worry about the
> accounting records until now.  I have a client that is going to provide
> authentication for a remote partner organization.  They will be billing them
> based on both having their clients connect and also, to some extent, on how
> much data the partner's clients use.  The remote partner needs to get
> accounting records in order for them to make payment.  At the same time, my
> client wants copies of the records so they can verify that they are getting
> paid correctly.  I setup a new FreeRadius server for this purpose so I'm
> running 3.0.17 on Ubuntu 16.04.

  That's all normal.

> In the wireless APs that are providing service, I can easily set two
> accounting servers but, as has been the case since I started using Radius,
> the secondary server is a fallback for the primary not a location where
> duplicate entries are sent.

  Yes.

 Tho in v3, you can use "rlm_replicate".  It will send duplicate packets to one or more servers.  But it won't retry the packets if there's no response.

> I have tried setting up a realm that points to the remote partner and to use
> the copy-acct-to-home-server module.  That worked great as far as sending
> the records to the remote partner but I could see that what it was doing was
> renaming the details file, transferring the contents of that file to the
> remote server, and then deleting the renamed details file. Of course, that
> left me without details on the local server.

  So configure two "detail" modules.  One for copying packets remotely, and the other for local copies.

> So, what's the best and/or easiest way for me to keep a copy locally?  Do I
> need to define a virtual server and setup a home-server-pool with the remote
> server?  I looked at that but it seemed that the home-server-pools were
> either setup for either load balancing or failover.  I don't want either.  I
> want a copy of every record to stay local AND be sent to the remote server.
> 
> Thank you in advance for your help.  I've been reading through the docs and
> also online examples but haven't found much that was very clear on this
> setup.

  detail detail_copy {
		... config ...
 }

  detail detail_local {
	... config...
  }

  Just make sure that the modules are configured to use two different directories.

  Then, instead of using "detail" in the virtual server, use "detail_copy" and "detail_local"

  Or use rlm_replicate instead of the "copy-acct-to-home-server"

  Alan DeKok.