Hugh,
Thanks for the help. One question, see below:
On Wed, 6 Sep 2000, Hugh Irvine wrote:
>
> City B with IP 1.2.3.4 running v2.16.1:
>
> .....
>
> <Client 5.6.7.8>
> Secret somesecret
> .....
> </Client>
>
> .....
>
> <AuthBy RADIUS>
> Identifier Forward_All_Requests_To_City_A
> Host 5.6.7.8
> Secret blah
> </AuthBy>
>
> <Handler Request-Type = Accounting-Request, Client-Id = 5.6.7.8>
> RewriteUsername tr/A-Z/a-z/;
> AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
> <AuthBy TEST>
> </AuthBy>
> </Handler>
>
> <Handler Realm = /e-net.com.br/i>
> RewriteUsername tr/A-Z/a-z/;
> AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
> AuthBy Forward_All_Requests_To_City_A
> </Handler>
Won't this result in duplicate accounting in City B when a user logs in
City B with a realm from City A? That is, a user logs in with
[EMAIL PROTECTED] in City B. Accounting packet is sent to radius server in
City B, which logs locally, then forwards to City A. City A then logs the
accounting locally and forwards it back to City B, which from the:
<Handler Request-Type = Accounti...
clause, has the accounting stored locally in City B again. Would it be
correct to just remove the AcctLogFileName from the clause:
<Handler Realm = /e-net.com.br/i>
And then depend on the proxied back accounting for local storage?
Thanks.
Viraj.
>
>
> Hopefully you get the idea. If you have problems, please feel free to ask any
> questions.
>
> regards
>
> Hugh
>
>
> On Wed, 06 Sep 2000, Viraj Alankar wrote:
> > Hello,
> >
> > We have a situation in which we have 2 Radiator servers setup, one
> > in city A and one in city B. Our goal is the following:
> >
> > Users authenticating in city A authenticate and store accounting locally,
> > but also forward accounting to city B.
> >
> > Users with realms from city A can login to city B. Basically city B
> > forwards authentication & accounting for those realms to the radius server
> > running in city A. However, accounting must be also be stored locally in
> > city B.
> >
> > The idea is that both city A and city B need the get the accounting
> > associated with realms from city A.
> >
> > I've done what I believe is the proper configuration, but it seems like
> > what is happening is the accounting packets are ping-ponging back and
> > forth between the radius servers when a user logs into city A. The
> > accounting logs in city A show the following:
> >
> > Tue Sep 5 10:30:25 2000
> > Acct-Status-Type = Start
> > Acct-Session-Id = "a10a6962"
> > Acct-Delay-Time = 15
> > NAS-Port = 39
> > NAS-Port-Type = Async
> > User-Name = "[EMAIL PROTECTED]"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Called-Station-Id = "8400"
> > Idle-Timeout = 900
> > Connect-Info = "26400 19200 V.34"
> > Acct-Authentic = RADIUS
> > NAS-IP-Address = 199.199.199.199
> > Timestamp = 968160482
> > Timestamp = 968160619
> > Timestamp = 968160483
> > Timestamp = 968160620
> > Timestamp = 968160484
> > Timestamp = 968160620
> > Timestamp = 968160485
> > Timestamp = 968160622
> > Timestamp = 968160486
> > Timestamp = 968160623
> > ...
> >
> > and so on. It appears a duplicate accounting packets are dumped, each one
> > with one more Timestamp field. This is what tells me that accounting must
> > be being bounced back and forth.
> >
> > Here is the relevant configuration we have in city A with radius server IP
> > 5.6.7.8 running v2.16.3:
> >
> > <Realm /e-net.com.br/i>
> > AuthByPolicy DoAll
> >
> > # Lower case everything
> > RewriteUsername tr/A-Z/a-z/;
> >
> > AcctLogFileName /radius/radiator/%c/detail
> >
> > # Forward accounting to City B
> > <AuthBy RADIUS>
> > Host 1.2.3.4
> > Secret blah
> > RetryTimeout 30
> > NoForwardAuthentication
> > </AuthBy>
> >
> > # Authentication, also some work with Accounting
> > <AuthBy SQL>
> > ....
> > </AuthBy>
> > </Realm>
> >
> > And in City B with IP 1.2.3.4 running v2.16.1:
> >
> > <Realm /e-net.com.br/i>
> > RewriteUsername tr/A-Z/a-z/;
> > AcctLogFileName /radius_logs/%R/%m-%d-%Y/%c
> > <AuthBy RADIUS>
> > Host 5.6.7.8
> > Secret blah
> > </AuthBy>
> > </Realm>
> >
> > Now what I believe must be happening is a user logs in at city A. An
> > accounting packet is generated from the RAS and sent to the radius server
> > in city A. This server stores it locally, then forwards the accounting to
> > city B. Now city B gets the accounting and sees that it is the
> > e-net.com.br realm, and then forwards it back to city A, and then back and
> > forth. I am not sure if this is happening though, because I thought the
> > Proxy state flag would be set and no more forwarding would take place.
> >
> > If it will help that I get some debug information, please let me know. I
> > was thinking someone could point out an error in my configuration or if
> > I'm doing something else wrong.
> >
> > Thanks for any help.
> >
> > Viraj.
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
