Govroam

The Roaming solution for the public sector


public:retro-fitting_fticks_logging_to_freeradius

Differences

This shows you the differences between two versions of the page.

public:retro-fitting_fticks_logging_to_freeradius [2024/03/19 08:23] adminpublic:retro-fitting_fticks_logging_to_freeradius [2024/11/22 09:54] (current) admin
Line 1: Line 1:
 =====Retro-fitting FTICKS to FreeRADIUS===== =====Retro-fitting FTICKS to FreeRADIUS=====
- 
-**IN PROGRESS** 
  
 For a [[public:fticks|brief explanation of FTICKS]] and why they're useful. For a [[public:fticks|brief explanation of FTICKS]] and why they're useful.
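Review bot: The retained intro line "For a [[public:fticks|brief explanation of FTICKS]] and why they're useful." is a sentence fragment, and with the **IN PROGRESS** banner removed the page now reads as finished. Suggest completing it, for example "See the [[public:fticks|brief explanation of FTICKS]] for what they are and why they're useful."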
Line 9: Line 7:
 To do this there are a few stages. To do this there are a few stages.
  
-1. Modify the client stanzas to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g:+1. Modify the [[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g:
 <code> <code>
 client somesite { client somesite {
Line 18: Line 16:
 } }
 </code> </code>
-2. Modify the client stanzas to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g:+ 
 +2. Modify the [[[[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g:
 <code> <code>
 client roaming0 { client roaming0 {
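Review bot: The new step 2 line opens its link with four brackets, "[[[[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]]", so it will not render like the identical link in step 1. Drop the extra "[[".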
Line 37: Line 36:
 } }
 </code> </code>
-3. Add a log section for FTICKS which sends the logs to syslog. e.g:+ 
 +3. Ensure that the [[siteadmin:freeradius_operator-name_setting|Operator-Name variable]] is being set to the right value, or a suitable default e.g: 
 +<code> 
 +update request { 
 +                        Operator-Name = "%{%{client:operator}:-1nhs.uk}" 
 +                } 
 +</code>                
 +Replace 'nhs.uk' with your realm. 
 + 
 +4. Add a [[siteadmin:basic_freeradius_orps_configuration#mods_available-_govroam_logs|log section]] for FTICKS which sends the logs to syslog. e.g:
 <code> <code>
 # F-TICKS # F-TICKS
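Review bot: In the new step 3 the default in Operator-Name = "%{%{client:operator}:-1nhs.uk}" is '1nhs.uk', but the instruction says to replace 'nhs.uk' and never explains the leading '1'. State that the '1' is the realm namespace prefix of Operator-Name (RFC 5580) and must be kept when substituting the realm. It is also worth confirming the non-default branch: when client:operator is set, the attribute takes that value as is, and steps 1 and 2 set it to '<realm>' or 'NRPS' with no prefix, so either the expansion should add the '1' itself or step 1 should say the operator value carries it. The closing brace of the update block is indented differently from its opening line and could be aligned.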
Line 50: Line 58:
 </code> </code>
  
-4. Modify the post-auth stanza to use the above log section only where the source and destination aren't 'NRPS'. e.g:+5. Modify the [[siteadmin:basic_freeradius_orps_configuration#sites-available-_govroam|post-auth stanza]] to use the above log section only where the source and destination aren't 'NRPS', and the Called-Station-Id contains the 'govroam' SSID. e.g:
 <code> <code>
                 # Only send F-TICKS to Jisc when proxying between sites.                 # Only send F-TICKS to Jisc when proxying between sites.
- if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS") {+ if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS" && "%{request:Called-Station-Id}" =~ /:govroam$/) {
     f_ticks     f_ticks
  }  }
 </code> </code>
-5. Configure a [[siteadmin:syslog_f-ticks_logging|syslog server]] to proxy to the FTICKS syslog to the Jisc syslog server. Example for syslog-ng:+ 
 +6. Configure a [[siteadmin:syslog_f-ticks_logging|syslog server]] to proxy to the FTICKS syslog to the Jisc syslog server. Example for syslog-ng:
 <code> <code>
 destination d_jisc {  destination d_jisc { 
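Review bot: The condition added in step 5, "%{request:Called-Station-Id}" =~ /:govroam$/, assumes every NAS appends ':govroam' to Called-Station-Id; a NAS that sends only the MAC address, or uses another separator, will silently produce no F-TICKS. The step text should state the expected Called-Station-Id format so operators can check their clients before relying on it. The code comment above the condition still says only "when proxying between sites" and should mention the SSID check. In the renumbered step 6, "to proxy to the FTICKS syslog to the Jisc syslog server" has a stray "to".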
public/retro-fitting_fticks_logging_to_freeradius.1710836601.txt.gz · Last modified: 2024/03/19 08:23 by admin