...
The paths where the logs are written to, and the files with the list of permitted attributes for filtering, are defined in the corresponding module definitions in /etc/modules/<name-of-module>.
Since the eduroam SP with this configuration will statically use RADIUS to its upstream federation-level server, activation of F-Ticks reporting is not strictly necessary. It is thus described only in the "Goodies" section below.
Client definition
FreeRADIUS defines the connected RADIUS clients in the file /etc/raddb/clients.conf. This file needs to hold all your connected Access Points and/or wired eduroam-enabled switches. You set a shared secret for each client and define these in the config file as follows:
...
| Code Block |
|---|
user = radiusd
group = radiusd
|
F-Ticks
F-Ticks is using syslog to deliver user login statistics. You can enable syslog logging for login events by defining a linelog module. In the /etc/modules/ subdirectory, create a new file "f_ticks":
| Code Block |
|---|
linelog f_ticks {
filename = syslog
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
f_ticks {
Access-Accept = "F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=%{Calling-Station-Id}#RESULT=OK#"
Access-Reject = "F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=LU#VISINST=YOUR-ID#CSI=%{Calling-Station-Id}#RESULT=FAIL#"
}
}
|
Note that you have to adapt VISCOUNTRY to the country you are in, and VISINST to an identifier for your hotspot!
You need to enable this new module in the post-auth section of your virtual server eduroam:
| Code Block |
|---|
post-auth {
reply_log f_ticks
Post-Auth-Type REJECT {
reply_log f_ticks
}
}
|
This way, appropriate loglines will be logged into your local syslog instance. If you want to forward your ticks to the statistics system, please get in touch with your NRO to get to know the syslog destination and configure your syslog daemon to forward the log line correspondingly.