FreeRADIUS accounting to multiple destinations

Алексей Морозенко alexmorozenko at gmail.com
Fri Jul 27 15:35:31 CEST 2018 


> 27 июля 2018 г., в 14:56, Alan DeKok <aland at deployingradius.com <mailto:aland at deployingradius.com>> написал(а):
> 
> On Jul 27, 2018, at 4:43 AM, Алексей Морозенко <alexmorozenko at gmail.com <mailto:alexmorozenko at gmail.com>> wrote:
>> 
>> I did the next thing
>> First, I've changed order in preacct in a such way:
>> 
>> preacct {
>> ...
>>       files
> 
>  Which adds reply attributes.  Not request attributes.
> 
>  The documentation for the "files" module makes this clear.

https://freeradius.org/radiusd/man/rlm_attr_filter.html <https://freeradius.org/radiusd/man/rlm_attr_filter.html>

In 2.0.1 and earlier versions, the "accounting" section filtered the Accounting-Request, even though it was documented as filtering the response. This issue has been fixed in version 2.0.2 and later versions.
The "preacct" section may now be used to filter Accounting-Request packets.
The "accounting" section now filters Accounting-Response packets.
It’s easy to misunderstand.

> 
>> and replicate worked (Now I can see message: replicate: Replicating list
>> 'request' to Realm 'fortigate02')
>> 
>> But still without groups.
> 
>  Because you have to add request attributes, as I said previously.
> 
>> Then I've decided to try add group check in preprocess (hints)
>> And it's working!
> 
>  Because the preprocess module adds request attributes.  As the documentation makes clear.

But not right way for me)
> 
>> But I cannot understand why.
>> Could you please explain me?
> 
>  The server contains extensive documentation for the modules you're using.  Instead of randomly configuring modules, it would help to read the documentation.
> 
>  The explanations are all there.
> 
>  Alan DeKok.
It wasn't randomly but it's still unclear where is request and where is reply for first-time reading.
Thanks for help! FreeRADIUS manuals taught me that every word in it is important. 

Instead of P.S.:
Could you please give me an advice if I could make group match more elegant?
I have 3 LDAP servers and ~30 groups so FreeRADIUS must go through all the options till first match on all of them.
I think this affects client connection time and want to improve it. 

> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <http://www.freeradius.org/list/users.html>

More information about the Freeradius-Users mailing list