Govroam

The Roaming solution for the public sector

User Tools

Site Tools

You are here: start » public » retro-fitting_fticks_logging_to_freeradius
public:retro-fitting_fticks_logging_to_freeradius

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
public:retro-fitting_fticks_logging_to_freeradius [2024/03/19 08:39] adminpublic:retro-fitting_fticks_logging_to_freeradius [2024/11/22 09:54] (current) admin
Line 1: Line 1:
 =====Retro-fitting FTICKS to FreeRADIUS===== =====Retro-fitting FTICKS to FreeRADIUS=====
- 
-**IN PROGRESS** 
  
 For a [[public:fticks|brief explanation of FTICKS]] and why they're useful. For a [[public:fticks|brief explanation of FTICKS]] and why they're useful.
Line 9: Line 7:
 To do this there are a few stages. To do this there are a few stages.
  
-1. Modify the [[siteadmin:basic_freeradius_orps_configration#clientsconf|client stanzas]] to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g:+1. Modify the [[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g:
 <code> <code>
 client somesite { client somesite {
Line 19: Line 17:
 </code> </code>
  
-2. Modify the client stanzas to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g:+2. Modify the [[[[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g:
 <code> <code>
 client roaming0 { client roaming0 {
Line 39: Line 37:
 </code> </code>
  
-3. Ensure that the Operator-Name variable is being set to the right value, or a suitable default e.g:+3. Ensure that the [[siteadmin:freeradius_operator-name_setting|Operator-Name variable]] is being set to the right value, or a suitable default e.g:
 <code> <code>
 update request { update request {
Line 45: Line 43:
                 }                 }
 </code>                </code>               
 +Replace 'nhs.uk' with your realm.
  
-4. Add a log section for FTICKS which sends the logs to syslog. e.g:+4. Add a [[siteadmin:basic_freeradius_orps_configuration#mods_available-_govroam_logs|log section]] for FTICKS which sends the logs to syslog. e.g:
 <code> <code>
 # F-TICKS # F-TICKS
Line 59: Line 58:
 </code> </code>
  
-5. Modify the post-auth stanza to use the above log section only where the source and destination aren't 'NRPS'. e.g:+5. Modify the [[siteadmin:basic_freeradius_orps_configuration#sites-available-_govroam|post-auth stanza]] to use the above log section only where the source and destination aren't 'NRPS', and the Called-Station-Id contains the 'govroam' SSID. e.g:
 <code> <code>
                 # Only send F-TICKS to Jisc when proxying between sites.                 # Only send F-TICKS to Jisc when proxying between sites.
- if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS") {+ if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS" && "%{request:Called-Station-Id}" =~ /:govroam$/) {
     f_ticks     f_ticks
  }  }
public/retro-fitting_fticks_logging_to_freeradius.1710837556.txt.gz · Last modified: 2024/03/19 08:39 by admin