Retro-fitting FTICKS to FreeRADIUS
IN PROGRESS
For a brief explanation of FTICKS and why they're useful.
What we're trying to achieve is for an RFO to send us logs of just the successful authentications happening between your registered organisations (i.e. not the ones proxied to and from the Jisc NRPS).
To do this there are a few stages.
1. Modify the client stanzas to include an 'operator=<realm>' line which will set the internal 'operator' variable to identify the organisation from which the request originates. e.g:
client somesite {
    secret = something
    ipaddr = 192.168.0.1
    operator = "somesite.nhs.uk"
}
2. Modify the client stanzas to identify all the Jisc NRPS as 'operator=NRPS', as above. e.g:
client roaming0 {
    secret = something
    ipaddr = 192.168.0.1
    operator = "NRPS"
}
3. Add a log section for FTICKS which sends the logs to syslog.
4. Modify the post-auth stanza to use the above log section only where the source and destination aren't 'NRPS'. e.g:
# Only send F-TICKS to Jisc when proxying between sites.
if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS") {
    f_ticks
}
5. Configure a syslog server to proxy the FTICKS syslog to the Jisc syslog server.
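A possible log section for step 3, given here as an added example and not as configuration taken from this page or from Jisc. It assumes a FreeRADIUS 3 linelog instance named f_ticks (the name step 4 calls), the eduroam F-TICKS line layout, a placeholder country code, an assumed syslog facility, and that Realm has already been set earlier in the request.

```conf
# Added example: linelog instance called from post-auth as "f_ticks".
# Assumptions: FreeRADIUS 3 linelog module, eduroam F-TICKS field layout,
# local2 as the syslog facility, %{Realm} populated by a realm module.
linelog f_ticks {
    # Write to syslog rather than to a file.
    filename = syslog
    syslog_facility = local2

    # The main post-auth section handles accepted requests (rejects go to
    # Post-Auth-Type REJECT), so a single RESULT=OK line covers the
    # successful authentications described above.
    # VISCOUNTRY=XX is a placeholder for the country code.
    # VISINST reuses the 'operator' value set on the client stanza in step 1.
    # CSI carries the Calling-Station-Id, i.e. the client's MAC address.
    format = "F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=XX#VISINST=%{client:operator}#CSI=%{Calling-Station-Id}#RESULT=OK#"
}
```

The syslog server in step 5 can then select these lines by the facility chosen here or by the leading "F-TICKS/" string.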
