Difference between revisions of "Freeradius"
From neil.tappsville.com
Jump to navigationJump to search (Created page with "=Freeradius= https://freeradius.org/ ==Replicate / Forward Records== Fire and forget (no socket is opened up to wait for a response from the downstream server) Frontend -->...") |
m |
||
| Line 6: | Line 6: | ||
Fire and forget (no socket is opened up to wait for a response from the downstream server) | Fire and forget (no socket is opened up to wait for a response from the downstream server) | ||
| − | Frontend --> downstream-replicate-realm | + | * Frontend --> downstream-replicate-realm |
| − | downstream-replicate-realm --> downstream-replicate-pool | + | * downstream-replicate-realm --> downstream-replicate-pool |
| − | downstream-replicate-pool --> downstream-replicate homeserver | + | * downstream-replicate-pool --> downstream-replicate homeserver |
sites-available/frontend.conf | sites-available/frontend.conf | ||
| Line 44: | Line 44: | ||
This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received | This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received | ||
| − | Frontend --> local-spool | + | * Frontend writes to --> local-spool-detail |
| − | local-spool | + | * local-relay reads from local-spool-detail |
| − | downstream- | + | * server local-relay --> downstream-relay-realm |
| − | downstream- | + | * downstream-relay-realm --> downstream-relay-pool |
| + | * downstream-relay-pool --> downstream-relay homeserver | ||
| Line 58: | Line 59: | ||
... | ... | ||
</pre> | </pre> | ||
| + | |||
| + | |||
| + | mods-available/local-spool-detail | ||
| + | <pre> | ||
| + | detail local-spool-detail { | ||
| + | filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G | ||
| + | |||
| + | # Lock the file, as this is being read in. | ||
| + | locking = yes | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | sites-available/downstream-relay.conf | ||
| + | <pre> | ||
| + | home_server downstream-relay { | ||
| + | type = acct | ||
| + | ipaddr = 192.168.1.1 | ||
| + | port = 1813 | ||
| + | secret = "secret" | ||
| + | status_check = request | ||
| + | username = "test_user_status_check" | ||
| + | response_window = 6 | ||
| + | } | ||
| + | |||
| + | home_server_pool downstream-relay-pool { | ||
| + | type = load-balance | ||
| + | home_server = downstream-relay | ||
| + | virtual_server = local-relay | ||
| + | } | ||
| + | realm downstream-relay-realm { | ||
| + | acct_pool = downstream-relay-pool | ||
| + | } | ||
| + | |||
| + | # This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm. | ||
| + | server local-relay { | ||
| + | pre-proxy { | ||
| + | } | ||
| + | |||
| + | post-proxy { | ||
| + | } | ||
| + | |||
| + | listen { | ||
| + | type = detail | ||
| + | filename = "${radacctdir}/local-spool-detail/detail-*:*" | ||
| + | load_factor = 30 | ||
| + | track = yes | ||
| + | } | ||
| + | |||
| + | preacct { | ||
| + | } | ||
| + | |||
| + | accounting { | ||
| + | update control { | ||
| + | Proxy-To-Realm := "downstream-relay-realm" | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | |||
| + | /pre> | ||
Revision as of 03:58, 24 January 2020
Freeradius
Replicate / Forward Records
Fire and forget (no socket is opened up to wait for a response from the downstream server)
- Frontend --> downstream-replicate-realm
- downstream-replicate-realm --> downstream-replicate-pool
- downstream-replicate-pool --> downstream-replicate homeserver
sites-available/frontend.conf
server frontend {
...
preacct {
update control {
Replicate-To-Realm := "downstream-replicate-realm"
}
replicate
...
sites-available/downstream-replicate.conf
home_server downstream-replicate {
type = acct
ipaddr = 192.168.1.1
port = 1813
secret = "secret"
}
home_server_pool downstream-replicate-pool {
type = load-balance
home_server = downstream-replicate
}
realm downstream-replicate-realm {
acct_pool = downstream-replicate-pool
}
Proxy Records via a file buffer to a downstream radius server
This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received
- Frontend writes to --> local-spool-detail
- local-relay reads from local-spool-detail
- server local-relay --> downstream-relay-realm
- downstream-relay-realm --> downstream-relay-pool
- downstream-relay-pool --> downstream-relay homeserver
sites-available/frontend.conf
server frontend {
...
preacct {
local-spool-detail
...
mods-available/local-spool-detail
detail local-spool-detail {
filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G
# Lock the file, as this is being read in.
locking = yes
}
sites-available/downstream-relay.conf
home_server downstream-relay {
type = acct
ipaddr = 192.168.1.1
port = 1813
secret = "secret"
status_check = request
username = "test_user_status_check"
response_window = 6
}
home_server_pool downstream-relay-pool {
type = load-balance
home_server = downstream-relay
virtual_server = local-relay
}
realm downstream-relay-realm {
acct_pool = downstream-relay-pool
}
# This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm.
server local-relay {
pre-proxy {
}
post-proxy {
}
listen {
type = detail
filename = "${radacctdir}/local-spool-detail/detail-*:*"
load_factor = 30
track = yes
}
preacct {
}
accounting {
update control {
Proxy-To-Realm := "downstream-relay-realm"
}
}
}
/pre>
