| public:retro-fitting_fticks_logging_to_freeradius [2024/03/19 08:44] – admin | public:retro-fitting_fticks_logging_to_freeradius [2024/11/22 09:54] (current) – admin |
|---|
| =====Retro-fitting FTICKS to FreeRADIUS===== | =====Retro-fitting FTICKS to FreeRADIUS===== |
| |
| **IN PROGRESS** | |
| |
| For a [[public:fticks|brief explanation of FTICKS]] and why they're useful. | For a [[public:fticks|brief explanation of FTICKS]] and why they're useful. |
| To do this there are a few stages. | To do this there are a few stages. |
| |
| 1. Modify the [[siteadmin:basic_freeradius_orps_configration#clients_conf|client stanzas]] to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g: | 1. Modify the [[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g: |
| <code> | <code> |
| client somesite { | client somesite { |
| </code> | </code> |
| |
| 2. Modify the [[[[siteadmin:basic_freeradius_orps_configration#clients_conf|client stanzas]] to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g: | 2. Modify the [[[[siteadmin:basic_freeradius_orps_configuration#clients_conf|client stanzas]] to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g: |
| <code> | <code> |
| client roaming0 { | client roaming0 { |
| } | } |
| </code> | </code> |
| | Replace 'nhs.uk' with your realm. |
| |
| 4. Add a [[[[siteadmin:basic_freeradius_orps_configration#mods_available-_govroam_logs|log section]] for FTICKS which sends the logs to syslog. e.g: | 4. Add a [[siteadmin:basic_freeradius_orps_configuration#mods_available-_govroam_logs|log section]] for FTICKS which sends the logs to syslog. e.g: |
| <code> | <code> |
| # F-TICKS | # F-TICKS |
| </code> | </code> |
| |
| 5. Modify the [[siteadmin:basic_freeradius_orps_configration#sites-available-_govroam|post-auth stanza]] to use the above log section only where the source and destination aren't 'NRPS'. e.g: | 5. Modify the [[siteadmin:basic_freeradius_orps_configuration#sites-available-_govroam|post-auth stanza]] to use the above log section only where the source and destination aren't 'NRPS', and the Called-Station-Id contains the 'govroam' SSID. e.g: |
| <code> | <code> |
| # Only send F-TICKS to Jisc when proxying between sites. | # Only send F-TICKS to Jisc when proxying between sites. |
| if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS") { | if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS" && "%{request:Called-Station-Id}" =~ /:govroam$/) { |
| f_ticks | f_ticks |
| } | } |
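
Review bot: In step 2 the revised line still opens the client stanzas link with `[[[[`, although this revision corrects the same doubled bracket in step 4 to a single `[[`. Drop the extra `[[` in step 2 as well so the link to `basic_freeradius_orps_configuration#clients_conf` renders.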
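
Review bot: In step 5 the new condition `"%{request:Called-Station-Id}" =~ /:govroam$/` is case-sensitive and anchored to the end of the value, while the step text says the Called-Station-Id "contains" the 'govroam' SSID. A request whose NAS sends the SSID in a different case, or does not append it as a trailing `:govroam`, fails the test and produces no F-TICKS line, with nothing logged to show why. State the expected Called-Station-Id format in the step text, consider the case-insensitive form `/:govroam$/i`, and update the comment above the `if`, which still describes only the proxying condition.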