Difference between revisions of "Freeradius"
From neil.tappsville.com
Line 119: | Line 119: | ||
/pre> | /pre> | ||
+ | |||
+ | ==Send COA== | ||
+ | Change Juniper subscriber cos policy rate - Need to know the secret of every bng | ||
+ | echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m"' | radclient -d /etc/raddb -sx BNG_IP_ADDRESS coa -S "FILE_WITH_SECRET" | ||
+ | |||
+ | Or if you have a coa proxy (only need to know the secret of the local freeradius server as it proxys the coa and re-does the secret for the bng) | ||
+ | echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m", PrivateCustom-CoA-NAS="103.241.56.192"' | radclient -d /etc/raddb -sx 127.0.0.1 coa -S "FILE_WITH_LOCALHOST_SECRET" |
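Review bot: the context line `/pre>` directly above the added section is missing its `<`, so it appears as literal text in the revision, fused with the new "Send COA" heading, and the two radclient commands are added as bare wiki text rather than preformatted lines. Correct the tag to `</pre>` and wrap each command in its own `<pre>` block so it can be copied intact. The second command also hard-codes PrivateCustom-CoA-NAS="103.241.56.192" and both use Acct-Session-Id="8481644", while the first command already uses the placeholder BNG_IP_ADDRESS; placeholders throughout would keep a real NAS address and session ID off the page. Passing the secret with -S from a file rather than on the command line is good; a note that the file should be readable only by the operator would complete it.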
Revision as of 21:19, 29 April 2020
Freeradius
Replicate / Forward Records
Fire and forget (no socket is opened up to wait for a response from the downstream server)
- Frontend --> downstream-replicate-realm
- downstream-replicate-realm --> downstream-replicate-pool
- downstream-replicate-pool --> downstream-replicate homeserver
sites-available/frontend.conf
    server frontend {
        ...
        preacct {
            update control {
                Replicate-To-Realm := "downstream-replicate-realm"
            }
            replicate
            ...
sites-available/downstream-replicate.conf
    home_server downstream-replicate {
        type = acct
        ipaddr = 192.168.1.1
        port = 1813
        secret = "secret"
    }

    home_server_pool downstream-replicate-pool {
        type = load-balance
        home_server = downstream-replicate
    }

    realm downstream-replicate-realm {
        acct_pool = downstream-replicate-pool
    }
Proxy Records via a file buffer to a downstream radius server
This will not lock up the FreeRADIUS frontend server, and expects the downstream RADIUS server to reply once each record has been received.
- Frontend writes to --> local-spool-detail
- local-relay reads from local-spool-detail
- server local-relay --> downstream-relay-realm
- downstream-relay-realm --> downstream-relay-pool
- downstream-relay-pool --> downstream-relay homeserver
sites-available/frontend.conf
    server frontend {
        ...
        preacct {
            local-spool-detail
            ...
mods-available/local-spool-detail
    detail local-spool-detail {
        filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G
        # Lock the file, as this is being read in.
        locking = yes
    }
sites-available/downstream-relay.conf
    home_server downstream-relay {
        type = acct
        ipaddr = 192.168.1.1
        port = 1813
        secret = "secret"
        status_check = request
        username = "test_user_status_check"
        response_window = 6
    }

    home_server_pool downstream-relay-pool {
        type = load-balance
        home_server = downstream-relay
        virtual_server = local-relay
    }

    realm downstream-relay-realm {
        acct_pool = downstream-relay-pool
    }

    # This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm.
    server local-relay {
        pre-proxy {
        }
        post-proxy {
        }
        listen {
            type = detail
            filename = "${radacctdir}/local-spool-detail/detail-*:*"
            load_factor = 30
            track = yes
        }
        preacct {
        }
        accounting {
            update control {
                Proxy-To-Realm := "downstream-relay-realm"
            }
        }
    }

Send COA
Change a Juniper subscriber's CoS policy rate. You need to know the secret of every BNG.

    echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m"' | radclient -d /etc/raddb -sx BNG_IP_ADDRESS coa -S "FILE_WITH_SECRET"

Or, if you have a CoA proxy, you only need to know the secret of the local FreeRADIUS server, as it proxies the CoA and re-does the secret for the BNG.

    echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m", PrivateCustom-CoA-NAS="103.241.56.192"' | radclient -d /etc/raddb -sx 127.0.0.1 coa -S "FILE_WITH_LOCALHOST_SECRET"
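Why each variant above needs a particular secret, as an added example (not code from this wiki page or from FreeRADIUS): a CoA-Request carries a Request Authenticator computed as MD5 over the packet with the shared secret appended (RFC 5176), so the receiver rejects a packet signed with any other secret and a CoA proxy has to re-sign before forwarding. The secrets are constructed, only Acct-Session-Id is encoded (the ERX vendor attribute is left out), and proxy_resign is a hypothetical simplification of what a proxy does.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43      # RFC 5176 packet code
ACCT_SESSION_ID = 44  # RFC 2866 attribute type

def encode_attr(attr_type, value):
    """Encode one attribute: type, length (2-byte header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def request_authenticator(code, ident, attrs, secret):
    """MD5(code + id + length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_coa(ident, attrs, secret):
    """Assemble a CoA-Request signed with the given shared secret."""
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(COA_REQUEST, ident, attrs, secret) + attrs

def verify_coa(packet, secret):
    """Receiver side: recompute the authenticator and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    expected = request_authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

def proxy_resign(packet, inbound_secret, outbound_secret):
    """Hypothetical proxy step: check the client's secret, re-sign for the BNG."""
    if not verify_coa(packet, inbound_secret):
        raise ValueError("authenticator does not match the inbound secret")
    return build_coa(packet[1], packet[20:], outbound_secret)

if __name__ == "__main__":
    local_secret = b"constructed-localhost-secret"  # constructed sample value
    bng_secret = b"constructed-bng-secret"          # constructed sample value
    attrs = encode_attr(ACCT_SESSION_ID, b"8481644")
    pkt = build_coa(1, attrs, local_secret)
    print("accepted by local server:", verify_coa(pkt, local_secret))
    print("accepted by BNG as sent: ", verify_coa(pkt, bng_secret))
    print("accepted by BNG re-signed:",
          verify_coa(proxy_resign(pkt, local_secret, bng_secret), bng_secret))
```

The authenticator gives integrity and origin checking only; the attributes themselves travel in clear text, so the secret files passed to -S are the control that matters.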