radrelay(8) [debian man page]
RADRELAY(8) FreeRADIUS Daemon RADRELAY(8) NAME
radrelay -- Deprecated command. DESCRIPTION
The functions of radrelay have been added to radiusd. One benefit is that one instance of radiusd can read multiple detail files, among others. The rlm_sql_log module does something similar, but for SQL queries. See it's man page for details. REPLICATION FOR BACKUPS
Many sites run multiple radius servers; at least one primary and one backup server. When the primary goes down, most NASes detect that and switch to the backup server. That will cause your accounting packets to go the the backup server - and some NASes don't even switch back to the primary server when it comes back up. The result is that accounting records are missed, and/or the administrator must jump through hoops in order to combine the different detail files from multiple servers. It also means that the session database ("radutmp", used for radwho and simultaneous use detection) gets out of sync. We solve this issue by "relaying" packets from one server to another, so they both have the same set of accounting data. See raddb/sites-available/buffered-sql for more information. BUFFERING FOR HIGH-LOAD SERVERS If the RADIUS server suddenly receives a many accounting packets, there may be insufficient CPU power to process them all in a timely man- ner. This problem is especially noticable when the accounting packets are going to a back-end database. Similarly, you may have one database that tracks "live" sessions, and another that tracks historical accounting data. In that case, accessing the first database is fast, as it is small. Accessing the second database many be slower, as it may contain multiple gigabytes of data. In addition, writing to the first database in a timely manner is important, while data may be written to the second database with a few minutes delay, without any harm being done. See raddb/sites-available/copy-to-home-server for more information. SEE ALSO
radiusd(8), rlm_sql_log(5) AUTHOR
The FreeRADIUS Server Project 23 October 2007 RADRELAY(8)
Check Out this Related Man Page
rlm_sql(5) FreeRADIUS Module rlm_sql(5) NAME
rlm_sql - FreeRADIUS Module DESCRIPTION
The rlm_sql module provides an SQL interface to retrieve authorization information and store accounting information. It can be used in conjunction with, or in lieu of the files and detail modules. The SQL module has drivers to support the following SQL databases: db2 iodbc mysql oracle postgresql sybase unixodbc Due to the size of the configuration variables, the sql module is usually configured in a separate file, which is included in the main radiusd.conf via an include directive. The main configuration items to be aware of are: driver This variable specifies the driver to be loaded. server login password These specify the servername, username, and password the module will use to connect to the database. radius_db The name of the database where the radius tables are stored. acct_table1 acct_table2 These specify the tables names for accounting records. acct_table1 specifies the table where Start records are stored. acct_table2 specifies the table where Stop records are stored. In most cases, this should be the same table. postauth_table The name of the table to store post-authentication data. authcheck_table authreply_table The tables where individual Check-Items and Reply-Items are stored. groupcheck_table groupreply_table The tables where group Check-Items and Reply-Items are stored. usergroup_table The table where username to group relationships are stored. deletestatlesessions This option is set to 'yes' or 'no'. If you are doing Simultaneous-Use checking, and this is set to yes, stale sessions ( defined as sessions for which a Stop record was not received ) will be cleared. logfile This option is useful for debugging sql problems. If logfile is set then all sql queries for the containing section are written to the file specified. This is useful for debugging and bulk inserts. num_sql_socks The number of sql connections to make to the database. connect_failure_retry_delay The number of seconds to wait before attempting to reconnect to a failed database connection. sql_user_name This is the definition of the SQL-User-Name attribute. This is set once, so that you can use %{SQL-User-Name} in the SQL queries, rather than the nested username substitution. This ensures that Username is parsed consistently for all SQL queries executed. default_user_profile This is the default profile name that will be applied to all users if set. This is not set by default. query_on_not_found This option is set to 'yes' or 'no'. If set to yes, then the default user profile is returned if no specific match was found for the user. authorize_check_query authorize_reply_query These queries are run during the authorization stage to extract the user authorization information from the ${authcheck_table} and ${authreply_table}. authorize_group_check_query authorize_group_reply_query These queries are run during the authorization stage to extract the group authorization information from the ${groupcheck_table} and ${groupreply_table}. accounting_onoff_query The query to be run when receiving an Accounting On or Accounting Off packet. accounting_update_query accounting_update_query_alt The query to be run when receiving an Accounting Update packet. If the primary query fails, the alt query is run. accounting_start_query accounting_start_query_alt The query to be run when receiving an Accounting Start packet. If the primary query fails, the alt query is run. accounting_stop_query accounting_stop_query_alt The query to be run when receiving an Accounting Stop packet. If the primary query fails, the alt query is run. simul_count_query The query to be run to return the number simultaneous sessions for the purposes of limiting Simultaneous Use. simul_verify_query The query to return the detail information needed to confirm that all suspected connected sessions are valid, and are not stale ses- sions. group_membership_query The query to run to check user group membership. postauth_query The query to run during the post-authentication stage. CONFIGURATION
Due to the size of the configuration for this module, it is not included in this manual page. Please review the supplied configuration files for example queries and configuration details. SECTIONS
authorization, accounting, checksimul, post-authentication FILES
/etc/raddb/radiusd.conf, /etc/raddb/sql.conf, /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql, SEE ALSO
radiusd(8), radiusd.conf(5), AUTHORS
Chris Parker, cparker@segv.org 5 February 2004 rlm_sql(5)