(RADIATOR) Proxying accounting requests.

Sysadmin sysadmin at bigbrain.net
Fri May 24 08:19:02 CDT 2002


Hi,  
This is kind of weird, but here goes.
  I have a NAS that is under the control of a partner company.  They 
forward all authentication to my radius servers. I now have a customer 
that is user their NAS, but did not want to move his radius username/passwd db to 
my server, so I have to proxy all the requests to his radius server.  I'm 
interested in monitoring their usage and so are they.  
  So I need to be able to log the start/stop accounting packet for their 
realm to my accounting database and also fwd it onto their accounting 
database.  Both accounting servers are running cisco's ACS radius, so they 
accept the stop/start packets on port 1646 and then store them in sql.  
 The reason for not just doing the one central server is because the 
partner company wants to make sure we are not over billing them.  :(

Thanks for you help.

On Fri, 24 May 2002, Hugh Irvine wrote:

> 
> Hello -
> 
> I don't understand your question, sorry.
> 
> Could you explain the requirement in a bit more detail?
> 
> thanks
> 
> Hugh
> 
> On Fri, 24 May 2002 00:53, Sysadmin wrote:
> > Hi,
> >  In this case I am not using sql at the central accounting server or at
> > the host I am proxying to.  So is there a way for me to fwd accounting
> > request to both hosts on port 1646?
> >
> > Thanks
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Monday, May 13, 2002 7:09 PM
> > To: sysadmin at bigbrain.net; radiator at open.com.au
> > Subject: Re: (RADIATOR) Proxying accounting requests.
> >
> >
> >
> > Hello -
> >
> > You will need to add an AuthBy SQL clause to your configuration file.
> >
> > Something like this:
> >
> > # define AuthBy SQL clause for accounting
> >
> > <AuthBy SQL>
> > 	Identifier SQLAccounting
> > 	......
> > 	# empty AuthSelect to disable authentication
> > 	AuthSelect
> >
> > 	# define accounting
> > 	AccountingTable ACCOUNTING
> > 	AcctColumnDef .....
> > 	.....
> > </AuthBy>
> >
> > # define Realms
> >
> > <Realm some.realm>
> > 	AuthByPolicy ContinueAlways
> > 	AuthBy SQLAccounting
> > 	<AuthBy ....>
> > 		....
> > 	</AuthBy>
> > 	.....
> > </Realm>
> >
> > <Realm another.realm>
> > 	AuthByPolicy ContinueAlways
> > 	AuthBy SQLAccounting
> > 	<AuthBy ....>
> > 		....
> > 	</AuthBy>
> > 	.....
> > </Realm>
> >
> > .....
> >
> >
> > regards
> >
> > Hugh
> >
> > On Tue, 14 May 2002 01:02, sysadmin at bigbrain.net wrote:
> > > I want to put in a central radius accountinng server and was
> >
> > wondering how
> >
> > > to configure my realms.  I have some realms that I proxy for
> >
> > and some I do
> >
> > > not.  Right now I have all the realms going to a file.  Is
> >
> > there a way I
> >
> > > can tell the realms to fwd to a central server?  Right now I am just
> > > saving them to files.
> > >   If I do this, will it also still fwd the start/stop packets to the
> > > radius servers I am proxying to?
> > >
> > >
> > >
> > > Thanks
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> 
> 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list