Provided by: freeradius-common_3.2.0+dfsg-1_all bug


       radrelay.conf - configuration file for the FreeRADIUS server "radrelay" personality


       The   radrelay.conf   file   resides   in   the  radius  database  directory,  by  default
       /etc/freeradius/3.0.  It defines the global configuration for the FreeRADIUS server,  when
       the server is operating as "radrelay".


       For  a detailed description of the file format, see "man radiusd.conf".  The configuration
       entries are much the same for radrelay.conf, with a few differences as noted here.


       Many sites run multiple radius servers; at least one primary and one backup  server.  When
       the primary goes down, most NASes detect that and switch to the backup server.

       That  will cause your accounting packets to go to the backup server - and some NASes don't
       even switch back to the primary server when it comes back up.

       The result is that accounting records are  missed,  and/or  the  administrator  must  jump
       through  hoops  in  order  to combine the different detail files from multiple servers. It
       also means that the session database ("radutmp", used  for  radwho  and  simultaneous  use
       detection) gets out of sync.

       radrelay  solves this issue by "relaying" packets from one server to another, so they both
       have the same set of accounting data.


       If  the  RADIUS  server  suddenly  receives  a  many  accounting  packets,  there  may  be
       insufficient CPU power to process them all in a timely manner.  This problem is especially
       noticeable when the accounting packets are going to a back-end database.

       Similarly, you may have one database that tracks "live" sessions, and another that  tracks
       historical  accounting data.  In that case, accessing the first database is fast, as it is
       small.  Accessing the second database many be slower, as it may contain multiple gigabytes
       of  data.   In  addition,  writing  to the first database in a timely manner is important,
       while data may be written to the second database with a few  minutes  delay,  without  any
       harm being done.


       The  radrelay.conf  file  controls  the  "radrelay"  personality  of the server, which can
       perform both of the functions above at the same time.


       First, you should configure the main radius server to log to an extra, single detail file.
       This may be done by adding an extra instance of the detail module to radiusd.conf:

       For example:

            detail radrelay-detail {
                 filename = ${radacctdir}/radrelay/detail
                 permissions = 0600
                 dir_permissions = 0755
                 locking = yes
            accounting {
       This    configuration    will   cause   accounting   packets   to   be   logged   to   the
       ${radacctdir}/radrelay/detail file.  This file should  not  be  rotated  by  standard  log
       rotation scripts, as the radrelay program will read and rotate it.


       See  the  radrelay.conf file for detailed instructions on configuration entries, what they
       mean, and how to use them.

       To have the "radrelay" portion of  the  server  read  the  above  detail  file,  configure
       radrelay.conf with the following section:

            listen {
                 type = detail
                 filename = ${radacctdir}/radrelay/detail
                 max_outstanding = 100
                 identity = radrelay

       The server will read the accounting packets from the detail file, and process them just as
       if it had received them from the NAS.  Therefore, you should  configure  the  "accounting"
       section  of  radrelay.conf to write the accounting records to an "sql" module, or to proxy
       them to another RADIUS server.

       Then, start the server via the following command:

       $ radiusd -n radrelay

       The server should start up, read the detail file, and process accounting packets from it.


       The radiusd.conf file is not read at all when the server is running as  radrelay.   Please
       edit radrelay.conf.


       The  original  "radrelay"  program  was  written by Miquel van Smoorenburg for the Cistron
       radius project, and ported to FreeRADIUS by Simon Ekstrand.  The "radsqlrelay" was written
       by  Kostas Kalavras.  It was never released as part of an official FreeRADIUS release, but
       served as a basis for the design of this implementation.




       radiusd(8), radiusd.conf(5)


       Alan DeKok <>

                                           27 May 2005                           radrelay.conf(5)