This file is indexed.

/etc/freeradius/3.0/sites-available/robust-proxy-accounting is in freeradius-config 3.0.16+dfsg-1ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# -*- text -*-
######################################################################
#
#	This is a sample configuration for robust proxy accounting.
#	accounting packets are proxied, OR logged locally if all
#	home servers are down.  When the home servers come back up,
#	the accounting packets are forwarded.
#
#	This method enables the server to proxy all packets to the
#	home servers when they're up, AND to avoid writing to the
#	detail file in most situations.
#
#	In most situations, proxying of accounting messages is done
#	in a "pass-through" fashion.  If the home server does not
#	respond, then the proxy server does not respond to the NAS.
#	That means that the NAS must retransmit packets, sometimes
#	forever.  This example shows how the proxy server can still
#	respond to the NAS, even if all home servers are down.
#
#	This configuration could be done MUCH more simply if ALL
#	packets were written to the detail file.  But that would
#	involve a lot more disk writes, which may not be a good idea.
#
#	This file is NOT meant to be used as-is.  It needs to be
#	edited to match your local configuration.
#
#	$Id: 0cce33316384ac78b2732c29451905928cf2bf9a $
#
######################################################################

#  (1) Define two home servers.
home_server home1.example.com {
	type = acct
	ipaddr = 192.0.2.10
	port = 1813
	secret = testing123

	#  Mark this home server alive ONLY when it starts being responsive
	status_check = request
	username = "test_user_status_check"

	#  Set the response timeout aggressively low.
	#  You MAY have to increase this, depending on tests with
	#  your local installation.
	response_window = 6
}

home_server home2.example.com {
	type = acct
	ipaddr = 192.0.2.20
	port = 1813
	secret = testing123

	#  Mark this home server alive ONLY when it starts being responsive
	status_check = request
	username = "test_user_status_check"

	#  Set the response timeout aggressively low.
	#  You MAY have to increase this, depending on tests with
	#  your local installation.
	response_window = 6
}

#  (2) Put all of the servers into a pool.
home_server_pool acct_pool.example.com {
	type = load-balance	# other types are OK, too.

	home_server = home1.example.com
	home_server = home2.example.com
	# add more home_server's here.

	# for pre/post-proxy policies
	virtual_server = home.example.com
}

#  (3) Define a realm for these home servers.
#  It should NOT be used as part of normal proxying decisions!
realm acct_realm.example.com {
	acct_pool = acct_pool.example.com
}

#  (4) Define a detail file writer.
#   See raddb/modules/detail.example.com

#  (5) Define a virtual server to handle pre/post-proxy re-writing
server home.example.com {
	pre-proxy {
		#  Insert pre-proxy rules here
	}

	post-proxy {
		#  Insert post-proxy rules here

		#  This will be called when the CURRENT packet failed
		#  to be proxied.  This may happen when one home server
		#  suddenly goes down, even though another home server
		#  may be alive.
		#
		#  i.e. the current request has run out of time, so it
		#  cannot fail over to another (possibly) alive server.
		#
		#  We want to respond to the NAS, so that it can stop
		#  re-sending the packet.  We write the packet to the
		#  "detail" file, where it will be read, and sent to
		#  another home server.
		#
		Post-Proxy-Type Fail-Accounting {
			detail.example.com
		}

		#
		#  This section is run when there are problems
		#  proxying Access-Request packets
		#
		Post-Proxy-Type Fail-Authentication {
			# add policies here
		}

	}


	#  Read accounting packets from the detail file(s) for
	#  the home server.
	#
	#  Note that you can have only ONE "listen" section reading
	#  detail files from a particular directory.  That is why the
	#  destination host name is used as part of the directory name
	#  below.  Having two "listen" sections reading detail files
	#  from the same directory WILL cause problems.  The packets
	#  may be read by one, the other, or both "listen" sections.
	listen {
		type = detail
		filename = "${radacctdir}/detail.example.com/detail-*:*"
		load_factor = 10
	}

	#  All packets read from the detail file are proxied back to
	#  the home servers.
	#
	#  The normal pre/post-proxy rules are applied to them, too.
	#
	#  If the home servers are STILL down, then the server stops
	#  reading the detail file, and queues the packets for a later
	#  retransmission.  The Post-Proxy-Type "Fail" handler is NOT
	#  called.
	#
	#  When the home servers come back up, the packets are forwarded,
	#  and the detail file processed as normal.
	accounting {
		# You may want accounting policies here...

		update control {
			&Proxy-To-Realm := 'acct_realm.example.com'
		}
	}

}