Freeradius
From neil.tappsville.com
Replicate / Forward Records
Fire and forget (no socket is opened up to wait for a response from the downstream server)
- Frontend --> downstream-replicate-realm
- downstream-replicate-realm --> downstream-replicate-pool
- downstream-replicate-pool --> downstream-replicate homeserver
sites-available/frontend.conf
server frontend {
    ...
    preacct {
        update control {
            Replicate-To-Realm := "downstream-replicate-realm"
        }
        replicate
        ...
sites-available/downstream-replicate.conf
home_server downstream-replicate {
    type = acct
    ipaddr = 192.168.1.1
    port = 1813
    secret = "secret"
}
home_server_pool downstream-replicate-pool {
    type = load-balance
    home_server = downstream-replicate
}
realm downstream-replicate-realm {
    acct_pool = downstream-replicate-pool
}
Proxy Records via a file buffer to a downstream radius server
This does not block the FreeRADIUS frontend server. The relay expects the downstream RADIUS server to reply once the record has been received.
- Frontend writes to --> local-spool-detail
- local-relay reads from local-spool-detail
- server local-relay --> downstream-relay-realm
- downstream-relay-realm --> downstream-relay-pool
- downstream-relay-pool --> downstream-relay homeserver
sites-available/frontend.conf
server frontend {
    ...
    preacct {
        local-spool-detail
        ...
mods-available/local-spool-detail
detail local-spool-detail {
    filename = ${radacctdir}/local-spool-detail/detail-%Y%m%d:%H:%G
    # Lock the file, as this is being read in.
    locking = yes
}
sites-available/downstream-relay.conf
home_server downstream-relay {
    type = acct
    ipaddr = 192.168.1.1
    port = 1813
    secret = "secret"
    status_check = request
    username = "test_user_status_check"
    response_window = 6
}
home_server_pool downstream-relay-pool {
    type = load-balance
    home_server = downstream-relay
    virtual_server = local-relay
}
realm downstream-relay-realm {
    acct_pool = downstream-relay-pool
}
# This server reads accounting packets from the spool files and pushes them to the downstream-relay-realm realm.
server local-relay {
    pre-proxy {
    }
    post-proxy {
    }
    listen {
        type = detail
        filename = "${radacctdir}/local-spool-detail/detail-*:*"
        load_factor = 30
        track = yes
    }
    preacct {
    }
    accounting {
        update control {
            Proxy-To-Realm := "downstream-relay-realm"
        }
    }
}
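An added example, not part of the original page: a Python check for the backlog in the spool directory that the buffered relay above reads from, which grows when the downstream server stops replying. The record layout (header line, tab-indented attributes, a trailing Timestamp, blank-line separator) and the detail.work in-progress file name are assumptions about FreeRADIUS v3 defaults, and the function names are hypothetical.

```python
import glob
import os

# Constructed sample of two spooled accounting records (not real data).
SAMPLE = (
    "Mon Jan  1 00:00:00 2024\n"
    '\tUser-Name = "alice"\n'
    "\tAcct-Status-Type = Start\n"
    "\tTimestamp = 1704067200\n"
    "\n"
    "Mon Jan  1 00:01:00 2024\n"
    '\tUser-Name = "bob"\n'
    "\tAcct-Status-Type = Stop\n"
    "\tTimestamp = 1704067260\n"
    "\n"
)

def parse_detail(text):
    """Split detail text into records: header line, tab-indented
    'Attr = value' lines, blank line as terminator (assumed layout)."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():              # blank line closes a record
            if current is not None:
                records.append(current)
            current = None
        elif line[0] in "\t ":            # attribute line
            if current is not None and " = " in line:
                name, value = line.strip().split(" = ", 1)
                current[name] = value.strip('"')
        else:                             # unindented line starts a record
            if current is not None:
                records.append(current)
            current = {"_header": line}
    if current is not None:               # file ended without a blank line
        records.append(current)
    return records

def spool_backlog(spool_dir, now):
    """Return (files, records, oldest_age_seconds) still waiting for relay."""
    paths = glob.glob(os.path.join(spool_dir, "detail-*:*"))
    work = os.path.join(spool_dir, "detail.work")   # assumed in-progress file
    if os.path.exists(work):
        paths.append(work)
    records = []
    for path in paths:
        with open(path, errors="replace") as fh:
            records.extend(parse_detail(fh.read()))
    stamps = [int(r["Timestamp"]) for r in records
              if r.get("Timestamp", "").isdigit()]
    return len(paths), len(records), (now - min(stamps) if stamps else 0)
```

Alert when the record count or the oldest age keeps rising between runs, since that means accounting data is being held locally rather than acknowledged downstream.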
Send COA
Change a Juniper subscriber's CoS policy rate. Sending directly to the BNG means you need to know the secret of every BNG:
echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m"' | radclient -d /etc/raddb -sx BNG_IP_ADDRESS coa -S "FILE_WITH_SECRET"
Or, if you have a CoA proxy, you only need to know the secret of the local FreeRADIUS server, as it proxies the CoA and redoes the secret for the BNG:
echo 'Acct-Session-Id="8481644", ERX-CoS-Shaping-Pmt-Type="T02 215m", PrivateCustom-CoA-NAS="BNG_IP_ADDRESS"' | radclient -d /etc/raddb -sx 127.0.0.1 coa -S "FILE_WITH_LOCALHOST_SECRET"