deployingradius and send Accounting to a nother server

Linux Threads linuxthreads at gmail.com
Mon Sep 28 14:32:53 CEST 2020 

Hi,

Thank you for taking the time,

On Mon, 2020-09-28 at 07:41 -0400, Alan DeKok wrote:
> On Sep 28, 2020, at 6:33 AM, Linux Threads <linuxthreads at gmail.com>
> wrote:
> > Hi Freeradius Users List,
> 
>   It's generally best to start your own thread, instead of replying
> to someone else message.
> 
> > Autentication works as per deployingradius Thank you, now I need
> > accounting packets forwarded to a nother Radius box via replicate
> > module, is this possible?
> 
>   Yes.
> 
>   It's documented.

the replicate module says that it works the same way as proxy


>   Do you have a *specific* question about how to do it, or about the
> documentation?

the user only authenticate with the nt-domain username, how is this
tied to a realm?

Mon Sep 28 09:46:43 2020 : Debug:  # Loading accounting {...}
Mon Sep 28 09:46:43 2020 : Debug:   replicate
Mon Sep 28 09:46:43 2020 : Debug:   update {
Mon Sep 28 09:46:43 2020 : Debug:    &control:Replicate-To-Realm :=
"CLIENT-ACCT-REALM"


replicate config file:
replicate {
 
home_server CLIENT-ACCT-SERVER { 
            type                  = acct 
            ipaddr               = 192.168.1.1 
            src_ipaddr         = 192.168.1.241 
            port                   = 1813 
            secret               = replicate-acct 
            require_message_authenticator = yes 
}   
 
home_server_pool CLIENT-ACCT-SERVER-POOL { 
            type = fail-over 
            home_server = CLIENT-ACCT-SERVER 
 
} 

realm CLIENT-ACCT-REALM { 
            type      = radius 
            pool      = CLIENT-ACCT-SERVER-POOL 
nosprip 
 
} 
}

sites-enabled/default 

accounting {
replicate
       update control {
        &Replicate-to-Realm := "CLIENT-ACCT-REALM"

if I place replicate module above update control or below it does not
matter same effect

I can get freeradius to send with the following command but I geuss it
does not come from the nas client

"echo Message-Authenticator=0x00|radclient 127.0.0.1 acct testing123
Received response ID 21, code 5, length = 20"

Mon Sep 28 14:06:42 2020 : Debug: (33) # Executing section accounting
from file /etc/freeradius/3.0/sites-enabled/default
Mon Sep 28 14:06:42
2020 : Debug: (33)   accounting {
Mon Sep 28 14:06:42 2020 : Debug: (33)
modsingle[accounting]: calling replicate (rlm_replicate)
Mon Sep 28
14:06:42 2020 : Debug: (33)     modsingle[accounting]: returned from
replicate (rlm_replicate)
Mon Sep 28 14:06:42 2020 : Debug: (33)    
[replicate] = noop
Mon Sep 28 14:06:42 2020 : Debug: (33)     update
control {
Mon Sep 28 14:06:42 2020 : Debug: (33)       &Replicate-to-
Realm := "CLIENT-ACCT-REALM"
Mon Sep 28 14:06:42 2020 : Debug: (33)    
} # update control = noop
Mon Sep 28 14:06:42 2020 : Debug: (33)    
modsingle[accounting]: calling detail (rlm_detail)

Mon Sep 28 14:25:29 2020 : Debug: (2) detail:    -->
/var/log/freeradius/radacct/127.0.0.1/detail-20200928


Mon Sep 28 14:25:29 2020
	Message-Authenticator = 0x4e938c9236a109448204634f7930a20d
	NAS-IP-Address = 127.0.0.1
	Event-Timestamp = "Sep 28 2020 14:25:29 SAST"
	Tmp-String-9 = "ai:"
	Acct-Unique-Session-Id = "a90afff2a77f213d484c7ec2be0d0330"
	Timestamp = 1601295929


>   Alan DeKok.

Regards

More information about the Freeradius-Users mailing list