2 ######################################################################
4 # In 2.0.0, radrelay functionality is integrated into the
5 # server core. This virtual server gives an example of
6 # using radrelay functionality inside of the server.
8 # In this example, the detail file is read, and the packets
9 # are proxied to a home server. You will have to configure
10 # realms, home_server_pool, and home_server in proxy.conf
13 # The purpose of this virtual server is to enable duplication
14 # of information across a load-balanced, or fail-over set of
15 # servers. For example, if a group of clients lists two
16 # home servers (primary, secondary), then RADIUS accounting
17 # messages will go only to one server at a time. This file
18 # configures a server (primary, secondary) to send copies of
19 # the accounting information to each other.
21 # That way, each server has the same set of information, and
22 # can make the same decision about the user.
26 ######################################################################
28 server copy-acct-to-home-server {
32 ######################################################
36 # The detail file reader acts just like a NAS.
38 # This means that if accounting fails, the packet
39 # is re-tried FOREVER. It is YOUR responsibility
40 # to write an accounting policy that returns "ok"
41 # if the packet was processed properly, "fail" on
42 # a database error, AND "ok" if you want to ignore
43 # the packet (e.g. no Acct-Status-Type).
45 # Neither the detail file write OR the detail file
46 # reader look at the contents of the packets. They
47 # just either dump the packet verbatim to the file,
48 # or read it verbatim from the file and pass it to
51 ######################################################
54 # The location where the detail file is located.
55 # This should be on local disk, and NOT on an NFS
58 # On most systems, this should support file globbing
59 # e.g. "${radacctdir}/detail-*:*"
60 # This lets you write many smaller detail files as in
61 # the example in radiusd.conf: ".../detail-%Y%m%d:%H"
62 # Writing many small files is often better than writing
63 # one large file. File globbing also means that with
64 # a common naming scheme for detail files, then you can
65 # have many detail file writers, and only one reader.
66 filename = ${radacctdir}/detail
69 # The server can read accounting packets from the
70 # detail file much more quickly than those packets
71 # can be written to a database. If the database is
72 # overloaded, then bad things can happen.
74 # The server will keep track of how long it takes to
75 # process an entry from the detail file. It will
76 # then pause between handling entries. This pause
77 # allows databases to "catch up", and gives the
78 # server time to notice that other packets may have
81 # The pause is calculated dynamically, to ensure that
82 # the load due to reading the detail files is limited
83 # to a small percentage of CPU time. The
84 # "load_factor" configuration item is a number
85 # between 1 and 100. The server will try to keep the
86 # percentage of time taken by "detail" file entries
87 # to "load_factor" percentage of the CPU time.
89 # If the "load_factor" is set to 100, then the server
90 # will read packets as fast as it can, usually
91 # causing databases to go into overload.
96 # Track progress through the detail file. When the detail
97 # file is large, and the server is re-started, it will
98 # read from the START of the file.
100 # Setting "track = yes" means it will skip packets which
101 # have already been processed. The default is "no".
108 # Pre-accounting. Decide which accounting type to use.
113 # Since we're just proxying, we don't need acct_unique.
116 # Look for IPASS-style 'realm/', and if not found, look for
117 # '@realm', and decide whether or not to proxy, based on
120 # Accounting requests are generally proxied to the same
121 # home server as authentication requests.
127 # Read the 'acct_users' file. This isn't always
128 # necessary, and can be deleted if you do not use it.
133 # Accounting. Log the accounting data.
137 # Since we're proxying, we don't log anything
138 # locally. Ensure that the accounting section
139 # "succeeds" by forcing an "ok" return.
145 # When the server decides to proxy a request to a home server,
146 # the proxied request is first passed through the pre-proxy
147 # stage. This stage can re-write the request, or decide to
150 # Only a few modules currently have this method.
154 # If you want to have a log of packets proxied to a home
155 # server, un-comment the following line, and the
156 # 'detail pre_proxy_log' section in radiusd.conf.
161 # When the server receives a reply to a request it proxied
162 # to a home server, the request may be massaged here, in the
168 # If you want to have a log of replies from a home
169 # server, un-comment the following line, and the
170 # 'detail post_proxy_log' section in radiusd.conf.
174 # Uncomment the following line if you want to filter
175 # replies from remote proxies based on the rules
176 # defined in the 'attrs' file.