1radrelay.conf(5) FreeRADIUS configuration file radrelay.conf(5)
2
3
4
6 radrelay.conf - configuration file for the FreeRADIUS server "radrelay"
7 personality
8
10 The radrelay.conf file resides in the radius database directory, by
11 default /etc/raddb. It defines the global configuration for the
12 FreeRADIUS server, when the server is operating as "radrelay".
13
15 For a detailed description of the file format, see "man radiusd.conf".
16 The configuration entries are much the same for radrelay.conf, with a
17 few differences as noted here.
18
20 Many sites run multiple radius servers; at least one primary and one
21 backup server. When the primary goes down, most NASes detect that and
22 switch to the backup server.
23
24 That will cause your accounting packets to go to the backup server -
25 and some NASes don't even switch back to the primary server when it
26 comes back up.
27
28 The result is that accounting records are missed, and/or the adminis‐
29 trator must jump through hoops in order to combine the different detail
30 files from multiple servers. It also means that the session database
31 ("radutmp", used for radwho and simultaneous use detection) gets out of
32 sync.
33
34 radrelay solves this issue by "relaying" packets from one server to
35 another, so they both have the same set of accounting data.
36
38 If the RADIUS server suddenly receives a many accounting packets, there
39 may be insufficient CPU power to process them all in a timely manner.
40 This problem is especially noticeable when the accounting packets are
41 going to a back-end database.
42
43 Similarly, you may have one database that tracks "live" sessions, and
44 another that tracks historical accounting data. In that case, access‐
45 ing the first database is fast, as it is small. Accessing the second
46 database many be slower, as it may contain multiple gigabytes of data.
47 In addition, writing to the first database in a timely manner is impor‐
48 tant, while data may be written to the second database with a few min‐
49 utes delay, without any harm being done.
50
52 The radrelay.conf file controls the "radrelay" personality of the
53 server, which can perform both of the functions above at the same time.
54
56 First, you should configure the main radius server to log to an extra,
57 single detail file. This may be done by adding an extra instance of
58 the detail module to radiusd.conf:
59
60 For example:
61
62 detail radrelay-detail {
63 filename = ${radacctdir}/radrelay/detail
64 permissions = 0600
65 dir_permissions = 0755
66 locking = yes
67 }
68 ...
69 accounting {
70 ...
71 radrelay-detail
72 ...
73 }
74 This configuration will cause accounting packets to be logged to the
75 ${radacctdir}/radrelay/detail file. This file should not be rotated by
76 standard log rotation scripts, as the radrelay program will read and
77 rotate it.
78
80 See the radrelay.conf file for detailed instructions on configuration
81 entries, what they mean, and how to use them.
82
83 To have the "radrelay" portion of the server read the above detail
84 file, configure radrelay.conf with the following section:
85
86 listen {
87 type = detail
88 filename = ${radacctdir}/radrelay/detail
89 max_outstanding = 100
90 identity = radrelay
91 }
92
93 The server will read the accounting packets from the detail file, and
94 process them just as if it had received them from the NAS. Therefore,
95 you should configure the "accounting" section of radrelay.conf to write
96 the accounting records to an "sql" module, or to proxy them to another
97 RADIUS server.
98
99 Then, start the server via the following command:
100
101 $ radiusd -n radrelay
102
103 The server should start up, read the detail file, and process account‐
104 ing packets from it.
105
107 The radiusd.conf file is not read at all when the server is running as
108 radrelay. Please edit radrelay.conf.
109
111 The original "radrelay" program was written by Miquel van Smoorenburg
112 for the Cistron radius project, and ported to FreeRADIUS by Simon
113 Ekstrand. The "radsqlrelay" was written by Kostas Kalavras. It was
114 never released as part of an official FreeRADIUS release, but served as
115 a basis for the design of this implementation.
116
118 /etc/raddb/radrelay.conf
119
121 radiusd(8), radiusd.conf(5)
122
124 Alan DeKok <aland@ox.org>
125
126
127
128 27 May 2005 radrelay.conf(5)