proxying accounting records

Alan Batie alan at peak.org
Mon Jan 21 22:01:02 CET 2019 

I've had a proxy configuration setup to forward copies of accounting
updates to two other radius servers for several years.  Recently, I
added a third (which one of the original two will be moving to), however
it's not working: while the original ones get the expected
start/stop/interim-updates, the new one only gets "accounting-on"
packets while the updates just pile up in the detail file.  That
particular server ignores anything but start, stop and interim-update
records (it's a vendor I have no control over).  In monitoring what gets
sent out, after restarting the radius server, I do not see Accounting-On
getting sent to the original ones, so I don't understand why it's
happening with the new one.  The configurations are identical except for
the detail file name and the ip address (I only included the configs for
the two related proxy targets for simplicity):

mods:
detail detail-calix {
	filename = ${radacctdir}/detail-calix
	escape_filenames = no
	permissions = 0600
	header = "%t"
}
detail detail-newcalix {
	filename = ${radacctdir}/detail-newcalix
	escape_filenames = no
	permissions = 0600
	header = "%t"
}
replicate {
    Replicate-To-Realm = calix
    Replicate-To-Realm = newcalix
}


sites:
server relay-calix {
	listen {
		type = detail
		filename = ${radacctdir}/detail-calix
		load_factor = 10
	}
	preacct {
		update control {
			Proxy-To-Realm := "calix"
		}
	}
	accounting {
		   ok
	}
	pre-proxy {
	}
	post-proxy {
	}
}
server relay-newcalix {
	listen {
		type = detail
		filename = ${radacctdir}/detail-newcalix
		load_factor = 10
	}
	preacct {
		update control {
			Proxy-To-Realm := "newcalix"
		}
	}
	accounting {
		   ok
	}
	pre-proxy {
	}
	post-proxy {
	}
}

proxy.conf:

proxy server {
	default_fallback = no
}
# /usr/bin/radrelay -S /etc/raddb/secret.calix -r 199.71.142.73 detail-calix
home_server calix {
	type = acct
	ipaddr = 199.71.142.73
	port = 1813
	secret = xxx
	status_check = none
	check_interval = 30
	check_timeout = 4
	num_answers_to_alive = 3
	max_outstanding = 65536
}

home_server_pool calix_pool {
	type = fail-over
	home_server = calix
}

realm calix {
	acct_pool = calix_pool
}


# /usr/bin/radrelay -S /etc/raddb/secret.newcalix -r 199.71.142.73
detail-newcalix
home_server newcalix {
	type = acct
	ipaddr = 199.71.143.36
	port = 1813
	secret = xxx
	status_check = none
	check_interval = 30
	check_timeout = 4
	num_answers_to_alive = 3
	max_outstanding = 65536
}

home_server_pool newcalix_pool {
	type = fail-over
	home_server = newcalix
}

realm newcalix {
	acct_pool = newcalix_pool
}


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3978 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20190121/fac9143d/attachment-0001.bin>

More information about the Freeradius-Users mailing list