Etienne Pretorius wrote:
Hello List,
I would like to know if it is possible to setup FreeRAIUS not to log
accounting info from a specific server to the detail file and still
log the accounting info into the local mysql database.
Some background on the subject:
I have recently taken over the maintenance of a couple of FreeRADIUS
servers. I'll be frank, I am not an experienced FreeRADIUS admin, so
my first priority was to get the accounting information synced at all
times between our servers. After some searching I found a couple of
documents and posts about radrelay and I have proceeded to set it up
on the servers hoping to achieve a two-way accounting replication
service.
+-----------+
+-----------+
| Primary | <===================== | Secondary |
| RADIUS | =====================> | RADIUS |
+-----------+
+-----------+
As the documentation is quite brief - I assume everything is working
fine. I kept my eye on the logs and started to see the following
appearing.
Wed Sep 27 17:37:45 2006 : Info: rlm_radutmp: Login entry for NAS <1>
port 1090715896 duplicate
Wed Sep 27 17:37:46 2006 : Info: rlm_radutmp: Login entry for NAS <1>
port 1090716313 duplicate
(Also please note that I am aware of record duplication coming from my
upstream provider's RADIUS proxy)
When I killed radrelay on the Secondary then everything was OK except
I now only have a one-way replication happening. Looking at the sql
tables showed that there are about double the amount of records on the
primary then on the secondary for that time period.
As I have little experience on configuring FreeRadius (We all have to
start somewhere), I would greatly appreciate the any help or comments
about the subject at hand.
Thank you.
Etienne Pretorius
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Just for those that might be interested,
After you get radrelay to sync one-way in both directions then you do
the following...
You configure in acct_users the following:
# This Configuration prevents Accounting loops of a two-way radrelay sync
# [o] Radrelay must be sending accounting info from IP(s) below
# on the other Radius server(s)
DEFAULT Client-IP-Address != "<SECONDARY RADIUS IP>", Acct-type :=
"RADRELAY"
and then in radiusd.conf under 'preacct' you uncomment files like so:
#
# Read the 'acct_users' file
files
and then under 'accounting' you configure the following:
# If Acct-Type is RADRELAY then log to sql module AND to detail file
# for radrelay - accounting sync daemon
Acct-Type RADRELAY {
radrelay
sql
}
This basically means that all accounting packets NOT from the SECONDARY
RADIUS server will have the
sql module and the detail module applied to it, while all other packets
from the other clients will be processed
normally.
more info on the technique can be found under doc/Acct-Type.
Etienne Pretorius.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
