# -*- text -*-########################################################################	This is a sample configuration for robust proxy accounting.#	accounting packets are proxied, OR logged locally if all#	home servers are down.  When the home servers come back up,#	the accounting packets are forwarded.##	This method enables the server to proxy all packets to the#	home servers when they're up, AND to avoid writing to the#	detail file in most situations.##	In most situations, proxying of accounting messages is done#	in a "pass-through" fashion.  If the home server does not#	respond, then the proxy server does not respond to the NAS.#	That means that the NAS must retransmit packets, sometimes#	forever.  This example shows how the proxy server can still#	respond to the NAS, even if all home servers are down.##	This configuration could be done MUCH more simply if ALL#	packets were written to the detail file.  But that would#	involve a lot more disk writes, which may not be a good idea.##	This file is NOT meant to be used as-is.  It needs to be#	edited to match your local configuration.##	$Id: robust-proxy-accounting,v 1.2 2008/04/28 14:53:17 aland Exp $########################################################################  (1) Define two home servers.home_server home1.example.com {	type = acct	ipaddr = 192.0.2.10	port = 1813	secret = testing123	#  Mark this home server alive ONLY when it starts being responsive	status_check = request	username = "test_user_status_check"	#  Set the response timeout aggressively low.	#  You MAY have to increase this, depending on tests with	#  your local installation.	response_window = 6}home_server home2.example.com {	type = acct	ipaddr = 192.0.2.20	port = 1813	secret = testing123	#  Mark this home server alive ONLY when it starts being responsive	status_check = request	username = "test_user_status_check"	#  Set the response timeout aggressively low.	#  You MAY have to increase this, depending on tests with	#  your local installation.	response_window = 6}#  (2) Define a virtual server to be used when both of the#  home servers are down.home_server acct_detail.example.com {	virtual_server = acct_detail.example.com}#  Put all of the servers into a pool.home_server_pool acct_pool.example.com {	type = load-balance	# other types are OK, too.	home_server = home1.example.com	home_server = home2.example.com	# add more home_server's here.	# If all home servers are down, try a home server that	# is a local virtual server.	fallback = acct_detail.example.com	# for pre/post-proxy policies	virtual_server = home.example.com}#  (3) Define a realm for these home servers.#  It should NOT be used as part of normal proxying decisions!realm acct_realm.example.com {	acct_pool = acct_pool.example.com}#  (4) Define a detail file writer.  This next section MUST be#  copied to the "modules" section of radiusd.conf, and un-commented##  We write *multiple* detail files here.  They will be processed#  in the order that they were created.  The directory containing#  these files should NOT be used for any other purposes.  That is,#  it should have NO other files in it.##  Writing multiple detail enables the server to process the pieces#  in smaller chunks.  This helps in certain catastrophic corner cases.#  (e.g. home servers down for days...)##detail detail.example.com {#	detailfile = ${radacctdir}/detail.example.com/detail-%Y%m%d:%H#}#  (5) Define the virtual server to write the packets to the detail file#  This will be called when ALL home servers are down, because of the#  "fallback" configuration in the home server pool.virtual_server acct_detail.example.com {	accounting {		detail.example.com	}}#  (6) Define a virtual server to handle pre/post-proxy re-writingvirtual_server home.example.com {	pre-proxy {		#  Insert pre-proxy rules here	}	post-proxy {		#  Insert post-proxy rules here		#  This will be called when the CURRENT packet failed		#  to be proxied.  This may happen when one home server		#  suddenly goes down, even though another home server		#  may be alive.		#		#  i.e. the current request has run out of time, so it		#  cannot fail over to another (possibly) alive server.		#		#  We want to respond to the NAS, so that it can stop		#  re-sending the packet.  We write the packet to the		#  "detail" file, where it will be read, and sent to		#  another home server.		#		Post-Proxy-Type Fail {			detail.example.com		}	}	#  Read accounting packets from the detail file(s) for	#  the home server.	listen {		type = detail		filename = "${radacctdir}/detail.example.com/detail-*:*"		load_factor = 10	}	#  All packets read from the detail file are proxied back to	#  the home servers.	#	#  The normal pre/post-proxy rules are applied to them, too.	#	#  If the home servers are STILL down, then the server stops	#  reading the detail file, and queues the packets for a later	#  retransmission.  The Post-Proxy-Type "Fail" handler is NOT	#  called.	#	#  When the home servers come back up, the packets are forwarded,	#  and the detail file processed as normal.	accounting {		# You may want accounting policies here...		update control {			Proxy-To-Realm := "acct_realm.example.com"		}	}}