2 ######################################################################
4 # In 2.0.0, radrelay functionality is integrated into the
5 # server core. This virtual server gives an example of
6 # using radrelay functionality inside of the server.
8 # In this example, the detail file is read, and the packets
9 # are proxied to a home server. You will have to configure
10 # realms, home_server_pool, and home_server in proxy.conf
13 # The purpose of this virtual server is to enable duplication
14 # of information across a load-balanced, or fail-over set of
15 # servers. For example, if a group of clients lists two
16 # home servers (primary, secondary), then RADIUS accounting
17 # messages will go only to one server at a time. This file
18 # configures a server (primary, secondary) to send copies of
19 # the accounting information to each other.
21 # That way, each server has the same set of information, and
22 # can make the same decision about the user.
26 ######################################################################
28 server copy-acct-to-home-server {
33 # See sites-available/buffered-sql for more details on
34 # all the options available for the detail reader.
37 ######################################################
41 # The detail file reader acts just like a NAS.
43 # This means that if accounting fails, the packet
44 # is re-tried FOREVER. It is YOUR responsibility
45 # to write an accounting policy that returns "ok"
46 # if the packet was processed properly, "fail" on
47 # a database error, AND "ok" if you want to ignore
48 # the packet (e.g. no Acct-Status-Type).
50 # Neither the detail file write OR the detail file
51 # reader look at the contents of the packets. They
52 # just either dump the packet verbatim to the file,
53 # or read it verbatim from the file and pass it to
56 ######################################################
59 # The location where the detail file is located.
60 # This should be on local disk, and NOT on an NFS
63 # On most systems, this should support file globbing
64 # e.g. "${radacctdir}/detail-*:*"
65 # This lets you write many smaller detail files as in
66 # the example in radiusd.conf: ".../detail-%Y%m%d:%H"
67 # Writing many small files is often better than writing
68 # one large file. File globbing also means that with
69 # a common naming scheme for detail files, then you can
70 # have many detail file writers, and only one reader.
72 filename = ${radacctdir}/detail
75 # The server can read accounting packets from the
76 # detail file much more quickly than those packets
77 # can be written to a database. If the database is
78 # overloaded, then bad things can happen.
80 # The server will keep track of how long it takes to
81 # process an entry from the detail file. It will
82 # then pause between handling entries. This pause
83 # allows databases to "catch up", and gives the
84 # server time to notice that other packets may have
87 # The pause is calculated dynamically, to ensure that
88 # the load due to reading the detail files is limited
89 # to a small percentage of CPU time. The
90 # "load_factor" configuration item is a number
91 # between 1 and 100. The server will try to keep the
92 # percentage of time taken by "detail" file entries
93 # to "load_factor" percentage of the CPU time.
95 # If the "load_factor" is set to 100, then the server
96 # will read packets as fast as it can, usually
97 # causing databases to go into overload.
102 # Track progress through the detail file. When the detail
103 # file is large, and the server is re-started, it will
104 # read from the START of the file.
106 # Setting "track = yes" means it will skip packets which
107 # have already been processed. The default is "no".
114 # Pre-accounting. Decide which accounting type to use.
119 # Since we're just proxying, we don't need acct_unique.
122 # Look for IPASS-style 'realm/', and if not found, look for
123 # '@realm', and decide whether or not to proxy, based on
126 # Accounting requests are generally proxied to the same
127 # home server as authentication requests.
133 # Read the 'acct_users' file. This isn't always
134 # necessary, and can be deleted if you do not use it.
139 # Accounting. Log the accounting data.
143 # Since we're proxying, we don't log anything
144 # locally. Ensure that the accounting section
145 # "succeeds" by forcing an "ok" return.
151 # When the server decides to proxy a request to a home server,
152 # the proxied request is first passed through the pre-proxy
153 # stage. This stage can re-write the request, or decide to
156 # Only a few modules currently have this method.
160 # If you want to have a log of packets proxied to a home
161 # server, un-comment the following line, and the
162 # 'detail pre_proxy_log' section in radiusd.conf.
167 # When the server receives a reply to a request it proxied
168 # to a home server, the request may be massaged here, in the
174 # If you want to have a log of replies from a home
175 # server, un-comment the following line, and the
176 # 'detail post_proxy_log' section in radiusd.conf.
180 # Uncomment the following line if you want to filter
181 # replies from remote proxies based on the rules
182 # defined in the 'attrs' file.