Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / c713e45847bd378a3b734e97bc32e4df8514519c / . / src / test / setup / radius-config / freeradius / sites-available / copy-acct-to-home-server
blob: 5f962f8baa6ffbf5cb204a3a8c0d7b668bc215a1 [file] [log] [blame]
Chetan Gaonker7f4bf742016-05-04 15:56:08 -0700[diff] [blame]1# -*- text -*-
2######################################################################
3#
4# In 2.0.0, radrelay functionality is integrated into the
5# server core. This virtual server gives an example of
6# using radrelay functionality inside of the server.
7#
8# In this example, the detail file is read, and the packets
9# are proxied to a home server. You will have to configure
10# realms, home_server_pool, and home_server in proxy.conf
11# for this to work.
12#
13# The purpose of this virtual server is to enable duplication
14# of information across a load-balanced, or fail-over set of
15# servers. For example, if a group of clients lists two
16# home servers (primary, secondary), then RADIUS accounting
17# messages will go only to one server at a time. This file
18# configures a server (primary, secondary) to send copies of
19# the accounting information to each other.
20#
21# That way, each server has the same set of information, and
22# can make the same decision about the user.
23#
24# $Id: 2869287260929f35d1a575b52014de20ce6cf3bb $
25#
26######################################################################
27
28server copy-acct-to-home-server {
29 listen {
30 type = detail
31
32 ######################################################
33 #
34 # !!!! WARNING !!!!
35 #
36 # The detail file reader acts just like a NAS.
37 #
38 # This means that if accounting fails, the packet
39 # is re-tried FOREVER. It is YOUR responsibility
40 # to write an accounting policy that returns "ok"
41 # if the packet was processed properly, "fail" on
42 # a database error, AND "ok" if you want to ignore
43 # the packet (e.g. no Acct-Status-Type).
44 #
45 # Neither the detail file write OR the detail file
46 # reader look at the contents of the packets. They
47 # just either dump the packet verbatim to the file,
48 # or read it verbatim from the file and pass it to
49 # the server.
50 #
51 ######################################################
52
53
54 # The location where the detail file is located.
55 # This should be on local disk, and NOT on an NFS
56 # mounted location!
57 #
58 # On most systems, this should support file globbing
59 # e.g. "${radacctdir}/detail-*:*"
60 # This lets you write many smaller detail files as in
61 # the example in radiusd.conf: ".../detail-%Y%m%d:%H"
62 # Writing many small files is often better than writing
63 # one large file. File globbing also means that with
64 # a common naming scheme for detail files, then you can
65 # have many detail file writers, and only one reader.
66 filename = ${radacctdir}/detail
67
68 #
69 # The server can read accounting packets from the
70 # detail file much more quickly than those packets
71 # can be written to a database. If the database is
72 # overloaded, then bad things can happen.
73 #
74 # The server will keep track of how long it takes to
75 # process an entry from the detail file. It will
76 # then pause between handling entries. This pause
77 # allows databases to "catch up", and gives the
78 # server time to notice that other packets may have
79 # arrived.
80 #
81 # The pause is calculated dynamically, to ensure that
82 # the load due to reading the detail files is limited
83 # to a small percentage of CPU time. The
84 # "load_factor" configuration item is a number
85 # between 1 and 100. The server will try to keep the
86 # percentage of time taken by "detail" file entries
87 # to "load_factor" percentage of the CPU time.
88 #
89 # If the "load_factor" is set to 100, then the server
90 # will read packets as fast as it can, usually
91 # causing databases to go into overload.
92 #
93 load_factor = 10
94 }
95
96 #
97 # Pre-accounting. Decide which accounting type to use.
98 #
99 preacct {
100 preprocess
101
102 # Since we're just proxying, we don't need acct_unique.
103
104 #
105 # Look for IPASS-style 'realm/', and if not found, look for
106 # '@realm', and decide whether or not to proxy, based on
107 # that.
108 #
109 # Accounting requests are generally proxied to the same
110 # home server as authentication requests.
111 # IPASS
112 suffix
113 # ntdomain
114
115 #
116 # Read the 'acct_users' file. This isn't always
117 # necessary, and can be deleted if you do not use it.
118 files
119 }
120
121 #
122 # Accounting. Log the accounting data.
123 #
124 accounting {
125 #
126 # Since we're proxying, we don't log anything
127 # locally. Ensure that the accounting section
128 # "succeeds" by forcing an "ok" return.
129 ok
130 }
131
132
133 #
134 # When the server decides to proxy a request to a home server,
135 # the proxied request is first passed through the pre-proxy
136 # stage. This stage can re-write the request, or decide to
137 # cancel the proxy.
138 #
139 # Only a few modules currently have this method.
140 #
141 pre-proxy {
142
143 # If you want to have a log of packets proxied to a home
144 # server, un-comment the following line, and the
145 # 'detail pre_proxy_log' section in radiusd.conf.
146 # pre_proxy_log
147 }
148
149 #
150 # When the server receives a reply to a request it proxied
151 # to a home server, the request may be massaged here, in the
152 # post-proxy stage.
153 #
154 post-proxy {
155 #
156
157 # If you want to have a log of replies from a home
158 # server, un-comment the following line, and the
159 # 'detail post_proxy_log' section in radiusd.conf.
160 # post_proxy_log
161
162
163 # Uncomment the following line if you want to filter
164 # replies from remote proxies based on the rules
165 # defined in the 'attrs' file.
166
167 # attr_filter
168 }
169}