1radrelay.conf(5)         FreeRADIUS configuration file        radrelay.conf(5)
2
3
4

NAME

6       radrelay.conf - configuration file for the FreeRADIUS server "radrelay"
7       personality
8

DESCRIPTION

10       The radrelay.conf file resides in the  radius  database  directory,  by
11       default  /etc/raddb.   It  defines  the  global  configuration  for the
12       FreeRADIUS server, when the server is operating as "radrelay".
13

FILE FORMAT

15       For a detailed description of the file format, see "man  radiusd.conf".
16       The  configuration  entries are much the same for radrelay.conf, with a
17       few differences as noted here.
18

REPLICATION FOR BACKUPS

20       Many sites run multiple radius servers; at least one  primary  and  one
21       backup  server.  When the primary goes down, most NASes detect that and
22       switch to the backup server.
23
24       That will cause your accounting packets to go to the  backup  server  -
25       and  some  NASes  don't  even switch back to the primary server when it
26       comes back up.
27
28       The result is that accounting records are missed, and/or  the  adminis‐
29       trator must jump through hoops in order to combine the different detail
30       files from multiple servers. It also means that  the  session  database
31       ("radutmp", used for radwho and simultaneous use detection) gets out of
32       sync.
33
34       radrelay solves this issue by "relaying" packets  from  one  server  to
35       another, so they both have the same set of accounting data.
36

BUFFERING FOR HIGH-LOAD SERVERS

38       If the RADIUS server suddenly receives a many accounting packets, there
39       may be insufficient CPU power to process them all in a  timely  manner.
40       This  problem  is especially noticeable when the accounting packets are
41       going to a back-end database.
42
43       Similarly, you may have one database that tracks "live"  sessions,  and
44       another  that tracks historical accounting data.  In that case, access‐
45       ing the first database is fast, as it is small.  Accessing  the  second
46       database  many be slower, as it may contain multiple gigabytes of data.
47       In addition, writing to the first database in a timely manner is impor‐
48       tant,  while data may be written to the second database with a few min‐
49       utes delay, without any harm being done.
50

RELAYING OF ACCOUNTING PACKETS

52       The radrelay.conf file  controls  the  "radrelay"  personality  of  the
53       server, which can perform both of the functions above at the same time.
54

USAGE

56       First,  you should configure the main radius server to log to an extra,
57       single detail file.  This may be done by adding an  extra  instance  of
58       the detail module to radiusd.conf:
59
60       For example:
61
62            detail radrelay-detail {
63                 filename = ${radacctdir}/radrelay/detail
64                 permissions = 0600
65                 dir_permissions = 0755
66                 locking = yes
67            }
68            ...
69            accounting {
70                 ...
71                 radrelay-detail
72                 ...
73            }
74       This  configuration  will  cause accounting packets to be logged to the
75       ${radacctdir}/radrelay/detail file.  This file should not be rotated by
76       standard  log  rotation  scripts, as the radrelay program will read and
77       rotate it.
78

RADRELAY.CONF EXAMPLE

80       See the radrelay.conf file for detailed instructions  on  configuration
81       entries, what they mean, and how to use them.
82
83       To  have  the  "radrelay"  portion  of the server read the above detail
84       file, configure radrelay.conf with the following section:
85
86            listen {
87                 type = detail
88                 filename = ${radacctdir}/radrelay/detail
89                 max_outstanding = 100
90                 identity = radrelay
91            }
92
93       The server will read the accounting packets from the detail  file,  and
94       process  them just as if it had received them from the NAS.  Therefore,
95       you should configure the "accounting" section of radrelay.conf to write
96       the  accounting records to an "sql" module, or to proxy them to another
97       RADIUS server.
98
99       Then, start the server via the following command:
100
101       $ radiusd -n radrelay
102
103       The server should start up, read the detail file, and process  account‐
104       ing packets from it.
105

NOTES

107       The  radiusd.conf file is not read at all when the server is running as
108       radrelay.  Please edit radrelay.conf.
109

CREDITS

111       The original "radrelay" program was written by Miquel  van  Smoorenburg
112       for  the  Cistron  radius  project,  and  ported to FreeRADIUS by Simon
113       Ekstrand.  The "radsqlrelay" was written by Kostas  Kalavras.   It  was
114       never released as part of an official FreeRADIUS release, but served as
115       a basis for the design of this implementation.
116

FILES

118       /etc/raddb/radrelay.conf
119

SEE ALSO

121       radiusd(8), radiusd.conf(5)
122

AUTHOR

124       Alan DeKok <aland@ox.org>
125
126
127
128                                  27 May 2005                 radrelay.conf(5)
Impressum