radrelay.conf(5)         FreeRADIUS configuration file        radrelay.conf(5)

NAME
       radrelay.conf - configuration file for the FreeRADIUS server "radrelay"
       personality

DESCRIPTION
       The radrelay.conf file resides in the radius database directory, by
       default /usr/local/share/examples/freeradius/raddb. It defines the
       global configuration for the FreeRADIUS server, when the server is
       operating as "radrelay".

FILE FORMAT
       For a detailed description of the file format, see "man radiusd.conf".
       The configuration entries are much the same for radrelay.conf, with a
       few differences as noted here.

REPLICATION FOR BACKUPS
       Many sites run multiple radius servers; at least one primary and one
       backup server. When the primary goes down, most NASes detect that and
       switch to the backup server.

       That will cause your accounting packets to go to the backup server -
       and some NASes don't even switch back to the primary server when it
       comes back up.

       The result is that accounting records are missed, and/or the
       administrator must jump through hoops in order to combine the
       different detail files from multiple servers. It also means that the
       session database ("radutmp", used for radwho and simultaneous use
       detection) gets out of sync.

       radrelay solves this issue by "relaying" packets from one server to
       another, so they both have the same set of accounting data.

BUFFERING FOR HIGH-LOAD SERVERS
       If the RADIUS server suddenly receives many accounting packets, there
       may be insufficient CPU power to process them all in a timely manner.
       This problem is especially noticeable when the accounting packets are
       going to a back-end database.

       Similarly, you may have one database that tracks "live" sessions, and
       another that tracks historical accounting data. In that case,
       accessing the first database is fast, as it is small. Accessing the
       second database may be slower, as it may contain multiple gigabytes of
       data. In addition, writing to the first database in a timely manner is
       important, while data may be written to the second database with a
       few minutes delay, without any harm being done.

RELAYING OF ACCOUNTING PACKETS
       The radrelay.conf file controls the "radrelay" personality of the
       server, which can perform both of the functions above at the same time.

USAGE
       First, you should configure the main radius server to log to an extra,
       single detail file. This may be done by adding an extra instance of
       the detail module to radiusd.conf:

       For example:

	    detail radrelay-detail {
		 filename = ${radacctdir}/radrelay/detail
		 permissions = 0600
		 dir_permissions = 0755
		 locking = yes
	    }
	    ...
	    accounting {
		 ...
		 radrelay-detail
		 ...
	    }

       This configuration will cause accounting packets to be logged to the
       ${radacctdir}/radrelay/detail file. This file should not be rotated by
       standard log rotation scripts, as the radrelay program will read and
       rotate it.
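
       The two operational points above (mode 0600 on the detail file, and no
       external rotation) can be checked with a short script. This is an added
       example, not part of the FreeRADIUS distribution; the function names
       are hypothetical and it assumes logrotate-style configuration files.

```shell
#!/bin/sh
# Added example, not FreeRADIUS code. Assumes logrotate-style config files.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the detail file exists with mode 600, matching
# "permissions = 0600" in the detail module instance.
detail_mode_ok() {
    [ -f "$1" ] && [ "$(file_mode "$1")" = "600" ]
}

# Print each config file in directory $2 whose path or glob covers the
# detail file $1. radrelay rotates that file itself, so a hit is a conflict.
rotation_conflicts() {
    detail=$1
    for conf in "$2"/*; do
        [ -f "$conf" ] || continue
        # Keep lines that start with a path; drop the trailing "{ ...".
        patterns=$(sed -n 's|^[[:space:]]*\(/[^{]*\).*|\1|p' "$conf")
        set -f                  # do not expand globs while word-splitting
        for pat in $patterns; do
            # case treats unquoted $pat as a glob; unlike logrotate, "*"
            # may cross "/", so this errs toward reporting.
            case $detail in
                $pat) echo "$conf"; break ;;
            esac
        done
        set +f
    done
}

# Constructed demo tree standing in for ${radacctdir} and a logrotate dir.
demo=$(mktemp -d)
mkdir -p "$demo/radacct/radrelay" "$demo/logrotate.d"
: > "$demo/radacct/radrelay/detail"
chmod 600 "$demo/radacct/radrelay/detail"
printf '%s\n' "$demo/radacct/*/detail {" "    weekly" "}" \
    > "$demo/logrotate.d/radius"
detail_mode_ok "$demo/radacct/radrelay/detail" && echo "mode: ok"
rotation_conflicts "$demo/radacct/radrelay/detail" "$demo/logrotate.d"
rm -rf "$demo"
```

       Any file name printed by rotation_conflicts is a rotation rule that
       should be narrowed so it no longer covers the radrelay detail file.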

RADRELAY.CONF EXAMPLE
       See the radrelay.conf file for detailed instructions on configuration
       entries, what they mean, and how to use them.

       To have the "radrelay" portion of the server read the above detail
       file, configure radrelay.conf with the following section:

	    listen {
		 type = detail
		 filename = ${radacctdir}/radrelay/detail
		 max_outstanding = 100
		 identity = radrelay
	    }

       The server will read the accounting packets from the detail file, and
       process them just as if it had received them from the NAS. Therefore,
       you should configure the "accounting" section of radrelay.conf to write
       the accounting records to an "sql" module, or to proxy them to another
       RADIUS server.

       Then, start the server via the following command:

       $ radiusd -n radrelay

       The server should start up, read the detail file, and process
       accounting packets from it.

NOTES
       The radiusd.conf file is not read at all when the server is running as
       radrelay. Please edit radrelay.conf.

CREDITS
       The original "radrelay" program was written by Miquel van Smoorenburg
       for the Cistron radius project, and ported to FreeRADIUS by Simon
       Ekstrand. The "radsqlrelay" was written by Kostas Kalavras. It was
       never released as part of an official FreeRADIUS release, but served as
       a basis for the design of this implementation.

FILES
       /usr/local/share/examples/freeradius/raddb/radrelay.conf

SEE ALSO
       radiusd(8), radiusd.conf(5)

AUTHOR
       Alan DeKok <aland@ox.org>

                                  27 May 2005                 radrelay.conf(5)
