Forward copy of accounting events

Alan DeKok alan.dekok at inkbridge.io
Wed Jan 14 16:24:09 UTC 2026 

On Jan 14, 2026, at 10:52 AM, Karl Frauendienst via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm on my second FreeRADIUS installation, so I'm still getting a feel for how it works.  It's authenticating WiFi users against Active Directory using the winbind + LDAP method described on the website.  I have the winbind authentication and LDAP attribute checks working, and users are able to successfully connect, but I'm stuck on something with the accounting.  This network has a device that tracks user logon events by receiving RADIUS accounting events (essentially keeps up with what user is on what IP address), but it's not really suitable as the only accounting server when it comes to troubleshooting or other matters.

  That's a good start.

> What I need is for FreeRADIUS to continue logging accounting events to disk as it is currently, but I need an additional copy of accounting events forwarded to another IP address.  I know how to do this in Windows NPS, but I'm still trying to wrap my head around how to configure that in FreeRADIUS.  I'm running FreeRADIUS 3.2.8 on Ubuntu Server 24.0.3.

  One large difference between NPS and FreeRADIUS is that NPS has a limited GUI, and FreeRADIUS has an unlimited configuration.

  When NPS provides a "point and click" interface to do something, it's trivial to do.  Otherwise, it's impossible.

  FreeRADIUS doesn't provide a GUI.  Instead, it provides a set of tools (modules, examples, etc.)  You can combine those tools in almost unlimited ways to get things done.

 For this issue, the problem is really defining what you want FreeRADIUS to do:

* log to disk.  This means using the "detail" module.

* proxying, too.  This means using Proxy-To-Realm and the proxy.conf file.

  The default configuration has the "detail" module in the "accounting" section.  You can leave that there.

  After the "detail" module, you can tell the server to proxy the packet, too:

	update control {
		Proxy-To-Realm := "server1"
	}

  Then, edit proxy.conf, and add a realm "server1", along with a home server pool, and a home server.  It should then work.

  Alan DeKok.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20260114/ef5dc11f/attachment.sig>

More information about the Freeradius-Users mailing list