Freeradius
From neil.tappsville.com
Jump to navigationJump to searchFreeradius
Replicate / Forward Records
Fire and forget (no socket is opened up to wait for a response from the downstream server)
- Frontend --> downstream-replicate-realm
- downstream-replicate-realm --> downstream-replicate-pool
- downstream-replicate-pool --> downstream-replicate homeserver
sites-available/frontend.conf
server frontend { ... preacct { update control { Replicate-To-Realm := "downstream-replicate-realm" } replicate ...
sites-available/downstream-replicate.conf
home_server downstream-replicate { type = acct ipaddr = 192.168.1.1 port = 1813 secret = "secret" } home_server_pool downstream-replicate-pool { type = load-balance home_server = downstream-replicate } realm downstream-replicate-realm { acct_pool = downstream-replicate-pool }
Proxy Records via a file buffer to a downstream radius server
This will not lock the freeradius frontend server, and expects the downstream radius server to reply once the record has been received
- Frontend writes to --> local-spool-detail
- local-relay reads from local-spool-detail
- server local-relay --> downstream-relay-realm
- downstream-relay-realm --> downstream-relay-pool
- downstream-relay-pool --> downstream-relay homeserver
sites-available/frontend.conf
server frontend { ... preacct { local-spool-detail ...
mods-available/local-spool-detail
detail local-spool-detail { filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G # Lock the file, as this is being read in. locking = yes }
sites-available/downstream-relay.conf
home_server downstream-relay { type = acct ipaddr = 192.168.1.1 port = 1813 secret = "secret" status_check = request username = "test_user_status_check" response_window = 6 } home_server_pool downstream-relay-pool { type = load-balance home_server = downstream-relay virtual_server = local-relay } realm downstream-relay-realm { acct_pool = downstream-relay-pool } # This server reads accounting packets from the spool file, and pushes it to the downstream-relay-realm realm. server local-relay { pre-proxy { } post-proxy { } listen { type = detail filename = "${radacctdir}/local-spool-detail/detail-*:*" load_factor = 30 track = yes } preacct { } accounting { update control { Proxy-To-Realm := "downstream-relay-realm" } } } /pre>