Latest revision as of 21:20, 29 April 2020

Freeradius

Replicate / Forward Records

Fire and forget (no socket is opened up to wait for a response from the downstream server)

Frontend --> downstream-replicate-realm
downstream-replicate-realm --> downstream-replicate-pool
downstream-replicate-pool --> downstream-replicate homeserver

sites-available/frontend.conf

server frontend {
...
  preacct {
    update control {
        Replicate-To-Realm := "downstream-replicate-realm"
    }
    replicate
...

sites-available/downstream-replicate.conf

home_server downstream-replicate {
  type = acct
  ipaddr = 192.168.1.1
  port = 1813
  secret = "secret"
}

home_server_pool downstream-replicate-pool {
  type = load-balance
  home_server = downstream-replicate
}

realm downstream-replicate-realm {
  acct_pool = downstream-replicate-pool
}

Proxy Records via a file buffer to a downstream radius server

This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received

Frontend writes to --> local-spool-detail
local-relay reads from local-spool-detail
server local-relay --> downstream-relay-realm
downstream-relay-realm --> downstream-relay-pool
downstream-relay-pool --> downstream-relay homeserver

sites-available/frontend.conf

server frontend {
...
  preacct {
    local-spool-detail
...

mods-available/local-spool-detail

detail local-spool-detail {
  filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G

  # Lock the file, as this is being read in.
  locking = yes
}

sites-available/downstream-relay.conf

home_server downstream-relay {
  type = acct
  ipaddr = 192.168.1.1
  port = 1813
  secret = "secret"
  status_check = request
  username = "test_user_status_check"
  response_window = 6
}

home_server_pool downstream-relay-pool {
  type = load-balance
  home_server = downstream-relay
  virtual_server = local-relay
}
realm downstream-relay-realm {
  acct_pool = downstream-relay-pool
}

# This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm.
server local-relay {
  pre-proxy {
  }

  post-proxy {
  }

  listen {
    type = detail
    filename = "${radacctdir}/local-spool-detail/detail-*:*"
    load_factor = 30
    track = yes
  }

  preacct {
  }

  accounting {
    update control {
      Proxy-To-Realm := "downstream-relay-realm"
    }
  }
}

/pre>

Send COA
Change Juniper subscriber cos policy rate - Need to know the secret of every bng
 echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m"' | radclient -d /etc/raddb -sx BNG_IP_ADDRESS coa -S "FILE_WITH_SECRET"

Or if you have a coa proxy (only need to know the secret of the local freeradius server as it proxys the coa and re-does the secret for the bng)
 echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m", PrivateCustom-CoA-NAS="BNG_IP_ADDRESS"' | radclient -d /etc/raddb -sx 127.0.0.1 coa -S "FILE_WITH_LOCALHOST_SECRET"

Difference between revisions of "Freeradius"

Latest revision as of 21:20, 29 April 2020

Contents

Freeradius

Replicate / Forward Records

Proxy Records via a file buffer to a downstream radius server

Send COA

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

@@ Line 6: / Line 6: @@
 Fire and forget (no socket is opened up to wait for a response from the downstream server)
-Frontend --> downstream-replicate-realm
+* Frontend --> downstream-replicate-realm
-downstream-replicate-realm --> downstream-replicate-pool
+* downstream-replicate-realm --> downstream-replicate-pool
-downstream-replicate-pool --> downstream-replicate homeserver
+* downstream-replicate-pool --> downstream-replicate homeserver
 sites-available/frontend.conf
@@ Line 44: / Line 44: @@
 This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received
-Frontend --> local-spool
+* Frontend writes to -->  local-spool-detail
-local-spool
+* local-relay reads from local-spool-detail
-downstream-replicate-realm --> downstream-replicate-pool
+* server local-relay --> downstream-relay-realm
-downstream-replicate-pool --> downstream-replicate homeserver
+* downstream-relay-realm --> downstream-relay-pool
+* downstream-relay-pool --> downstream-relay homeserver
@@ Line 58: / Line 59: @@
 ...
 </pre>
+mods-available/local-spool-detail
+<pre>
+detail local-spool-detail {
+  filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G
+  # Lock the file, as this is being read in.
+  locking = yes
+}
+</pre>
+sites-available/downstream-relay.conf
+<pre>
+home_server downstream-relay {
+  type = acct
+  ipaddr = 192.168.1.1
+  port = 1813
+  secret = "secret"
+  status_check = request
+  username = "test_user_status_check"
+  response_window = 6
+}
+home_server_pool downstream-relay-pool {
+  type = load-balance
+  home_server = downstream-relay
+  virtual_server = local-relay
+}
+realm downstream-relay-realm {
+  acct_pool = downstream-relay-pool
+}
+# This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm.
+server local-relay {
+  pre-proxy {
+  }
+  post-proxy {
+  }
+  listen {
+    type = detail
+    filename = "${radacctdir}/local-spool-detail/detail-*:*"
+    load_factor = 30
+    track = yes
+  }
+  preacct {
+  }
+  accounting {
+    update control {
+      Proxy-To-Realm := "downstream-relay-realm"
+    }
+  }
+}
+/pre>
+==Send COA==
+Change Juniper subscriber cos policy rate - Need to know the secret of every bng
+ echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m"' | radclient -d /etc/raddb -sx BNG_IP_ADDRESS coa -S "FILE_WITH_SECRET"
+Or if you have a coa proxy (only need to know the secret of the local freeradius server as it proxys the coa and re-does the secret for the bng)
+ echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m", PrivateCustom-CoA-NAS="BNG_IP_ADDRESS"' | radclient -d /etc/raddb -sx 127.0.0.1 coa -S "FILE_WITH_LOCALHOST_SECRET"