I apologize in advance if this question is answered in the documentation, but if it is, I haven't been able to find it.
I have the following setup: - Client daemon running on host A - FreeRADIUS 2.0.4 server running on host A proxying auth requests - Two Remote RADIUS servers serving authentication from a load-balanced pool - The client daemon sends authentication requests to the FreeRADIUS server with a username and password over loopback. - The FreeRADIUS server receives the Access-Request and proxies it to the remote RADIUS servers. - Responses from the RADIUS server are proxied back to the client daemon for action. - Accounting records are sent by the client daemon, however they are "swallowed" by the FreeRADIUS server (always ok) as accounting is not being used at this point. The first thing I will mention is that this I do not have any issue with this configuration; i.e. it works exactly the way it's supposed to. Recently, however, there has been reason to suspect that the two remote RADIUS servers are behaving inconsistently with each other (i.e. auth fails on one and then immediately succeeds on the other). Unfortunately, I have zero access to the remote RADIUS servers and limited access to the folks who could tell me whether something is, in fact, wrong with the remote configuration. In order to provide statistics on my end or at least look for trends, I would like to keep track of what remote server a given request is proxied to, but I can't seem to find an easy way of doing it: - I have auth_logging turned on so that my radius.log file contains basic Yay/Nay information about a particular auth request, but the IP of the server the request was proxied to is not included. - I have detail configured for auth-detail, pre-proxy-detail, post-proxy-detail, and reply-detail. All are pretty much stock except I put the User-Name into the header in a couple of them. None of these show the IP of the particular home server that a given request was sent to. I do understand that I can get this information if I run a full debug trace, however this is a production system and I don't need all that information, just one little piece, nor do I want to run a production server outputting to stdout. I have also peeled through all the dictionary files looking for an appropriate RADIUS Attribute which I could use. I found Packet-Src-Ip-Address and Packet-Dst-Ip-Address, which didn't work in any of the detail sections, as they all returned 127.0.0.1, which makes some sense to me given the initial source and destination of the request packets; I'm also pretty sure I shouldn't be using parameters from dictionary.freeradius.internal this way. I also found FreeRADIUS-Proxied-To, however it appears that's only for accounting packets. So my question is this: short of editing the source to make the auth_log pop the home server being contacted into the loglines in radius.log, is there any way to get that information on a per-request basis? Is there some unlang magic I could work in the pre- or post-processing phases? It doesn't really matter to me where the information goes, as long as I can associate it with a particular request. Thanks, /a -- Aaron Spanik [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
