Hello Viraj -

I think you would be better off using Handlers, and setting up a specific
Handler for accounting requests from the proxy server:

City A with radius server IP 5.6.7.8 running v2.16.3:

.....

<Client 1.2.3.4>
        Secret anothersecret
</Client>

.....

# Forward accounting to City B
<AuthBy RADIUS>
        Identifier Forward_Accounting_To_City_B
        Host 1.2.3.4
        Secret blah
        RetryTimeout 30
        NoForwardAuthentication
</AuthBy>

# Authentication, also some work with Accounting
<AuthBy SQL>
        Identifier Local_SQL
        ....
</AuthBy>

<Handler Realm = /e-net.com.br/i>
        AuthByPolicy DoAll

        # Lower case everything
        RewriteUsername tr/A-Z/a-z/;

        AcctLogFileName /radius/radiator/%c/detail

        # Forward accounting to City B
        AuthBy Forward_Accounting_To_City_B

        # Authentication, also some work with Accounting
        AuthBy Local_SQL
</Handler>


City B with IP 1.2.3.4 running v2.16.1:

.....

<Client 5.6.7.8>
        Secret somesecret
        .....
</Client>

.....

<AuthBy RADIUS>
        Identifier Forward_All_Requests_To_City_A
        Host 5.6.7.8
        Secret blah
</AuthBy>

<Handler Request-Type = Accounting-Request, Client-Id = 5.6.7.8>
        RewriteUsername   tr/A-Z/a-z/;
        AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
        <AuthBy TEST>
        </AuthBy>
</Handler>

<Handler Realm = /e-net.com.br/i>
        RewriteUsername   tr/A-Z/a-z/;
        AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
        AuthBy Forward_All_Requests_To_City_A
</Handler>


Hopefully you get the idea. If you have problems, please feel free to ask any
questions.

regards

Hugh


On Wed, 06 Sep 2000, Viraj Alankar wrote:
> Hello,
> 
>       We have a situation in which we have 2 Radiator servers set up, one
> in city A and one in city B. Our goal is the following:
> 
> Users authenticating in city A authenticate and store accounting locally,
> but also forward accounting to city B.
> 
> Users with realms from city A can login to city B. Basically city B
> forwards authentication & accounting for those realms to the radius server
> running in city A. However, accounting must also be stored locally in
> city B.
> 
> The idea is that both city A and city B need to get the accounting
> associated with realms from city A.
> 
> I've done what I believe is the proper configuration, but it seems like
> what is happening is the accounting packets are ping-ponging back and
> forth between the radius servers when a user logs into city A. The
> accounting logs in city A show the following:
> 
> Tue Sep  5 10:30:25 2000
>         Acct-Status-Type = Start
>         Acct-Session-Id = "a10a6962"
>         Acct-Delay-Time = 15
>         NAS-Port = 39
>         NAS-Port-Type = Async
>         User-Name = "[EMAIL PROTECTED]"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Called-Station-Id = "8400"
>         Idle-Timeout = 900
>         Connect-Info = "26400  19200 V.34"
>         Acct-Authentic = RADIUS
>         NAS-IP-Address = 199.199.199.199
>         Timestamp = 968160482
>         Timestamp = 968160619
>         Timestamp = 968160483
>         Timestamp = 968160620
>         Timestamp = 968160484
>         Timestamp = 968160620
>         Timestamp = 968160485
>         Timestamp = 968160622
>         Timestamp = 968160486
>         Timestamp = 968160623
> ...
> 
> and so on. It appears duplicate accounting packets are dumped, each one
> with one more Timestamp field. This is what tells me that accounting must
> be being bounced back and forth.
> 
> Here is the relevant configuration we have in city A with radius server IP
> 5.6.7.8 running v2.16.3:
> 
> <Realm /e-net.com.br/i>
>    AuthByPolicy DoAll
> 
>    # Lower case everything
>    RewriteUsername tr/A-Z/a-z/;
> 
>    AcctLogFileName /radius/radiator/%c/detail
> 
>    # Forward accounting to City B
>    <AuthBy RADIUS>
>       Host 1.2.3.4
>       Secret blah
>       RetryTimeout 30
>       NoForwardAuthentication
>    </AuthBy>
> 
>    # Authentication, also some work with Accounting
>    <AuthBy SQL>
>       ....
>    </AuthBy>
> </Realm>
> 
> And in City B with IP 1.2.3.4 running v2.16.1:
> 
> <Realm /e-net.com.br/i>
>    RewriteUsername   tr/A-Z/a-z/;
>    AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
>    <AuthBy RADIUS>
>       Host 5.6.7.8
>       Secret blah
>    </AuthBy>
> </Realm>
> 
> Now what I believe must be happening is a user logs in at city A. An
> accounting packet is generated from the RAS and sent to the radius server
> in city A. This server stores it locally, then forwards the accounting to
> city B. Now city B gets the accounting and sees that it is the
> e-net.com.br realm, and then forwards it back to city A, and then back and
> forth. I am not sure if this is happening though, because I thought the
> Proxy state flag would be set and no more forwarding would take place.
> 
> If it will help that I get some debug information, please let me know. I
> was thinking someone could point out an error in my configuration or if
> I'm doing something else wrong.
> 
> Thanks for any help.
> 
> Viraj.
> 
> 
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
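
An added example (not from either message and not Radiator code) that detects the symptom described in the quoted post: the same accounting record logged repeatedly, each copy carrying one more Timestamp attribute. It assumes the detail-file layout shown in the quoted log; the function names, the `max_timestamps` threshold and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the detail-file layout quoted above (date line, indented attributes).
SAMPLE_DETAIL = """\
Tue Sep  5 10:30:25 2000
        Acct-Status-Type = Start
        Acct-Session-Id = "a10a6962"
        Timestamp = 968160482

Tue Sep  5 10:32:40 2000
        Acct-Status-Type = Start
        Acct-Session-Id = "a10a6962"
        Timestamp = 968160482
        Timestamp = 968160619

Tue Sep  5 10:32:41 2000
        Acct-Status-Type = Start
        Acct-Session-Id = "a10a6962"
        Timestamp = 968160482
        Timestamp = 968160619
        Timestamp = 968160483

Tue Sep  5 10:40:02 2000
        Acct-Status-Type = Start
        Acct-Session-Id = "b7730c11"
        Timestamp = 968161202
"""

ATTR = re.compile(r"^\s+([\w-]+)\s*=\s*(.*)$")

def parse_records(text):
    """Yield one list of (attribute, value) pairs per blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [m.groups() for m in map(ATTR.match, block.splitlines()) if m]
        if pairs:
            yield [(k, v.strip('"')) for k, v in pairs]

def find_proxy_loops(text, max_timestamps=1):
    """Return {(session, status): [Timestamp count per logged copy]} for loop suspects."""
    seen = defaultdict(list)
    for rec in parse_records(text):
        attrs = dict(rec)  # last value wins; fine for the single-valued keys used here
        key = (attrs.get("Acct-Session-Id"), attrs.get("Acct-Status-Type"))
        seen[key].append(sum(1 for k, _ in rec if k == "Timestamp"))
    return {k: c for k, c in seen.items() if len(c) > 1 and max(c) > max_timestamps}

if __name__ == "__main__":
    for (sid, status), counts in find_proxy_loops(SAMPLE_DETAIL).items():
        print(f"session {sid} {status}: {len(counts)} copies, Timestamp counts {counts}")
```

If a server legitimately logs records that have already passed through one proxy hop, raise `max_timestamps` to match.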


