freeradius failover-through proxy or other way?
Martin Lambev
question is immature...
After rading all wiki - freeradius, still is not clear to me, is it
possible to do failover-through proxy, and how to organize the things
that I want to accomplish. Explanation fallow:
Now I have the fallowing setup: node 1 - NAS (pptp, openvpn) -> server 2
(freeradius + mysql as backed)
I red in documentation about 2 or 3 mysql db and how to do fail-over,
load-balancing and redundancy, but If I do it like that when freeradius
server fail, the whole setup is down.
I want to add another node as second NAS so the things will become like
this:
node 1 - NAS (pptp, openvpn) -> server 2 AAA (freeradius+mysql)
node 3 - NAS ( l2tp) -------------^
I want to have redundancy in case server 2 AAA (freeradius + mysql as
backend) fail, second server 4 AAA to take over with exactly the same
setup (freeradius + mysql backend).. Should I use freeradius proxy on
every node??? other solution? So the thigs needs to become like this:
node 1 - NAS (+freeradius proxy?)--| Internet |---server 2 master
(freeradius+mysql, location ex.US ) node 3 - NAS (+freeradius
proxy?)--| Internet |---server 4 slave (freeradius+mysql, location ex.EU )
I want to have mysql db to be updated (to have mirror copy) on booth
server 2,4 in real time. The purpose of this set up is redundancy if
one of the AAA server is down the other one to take over without impact
over node 1,3 ( temporary user disconnect is acceptable )
Or may be there is other way to do so?
Any advices are welcomed, correction or hints.... anything that can help
me "see" better :)
Best Regards,
Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok
> After rading all wiki - freeradius, still is not clear to me, is it
> possible to do failover-through proxy, and how to organize the things
> that I want to accomplish. Explanation fallow:
See raddb/proxy.conf.
> Now I have the fallowing setup: node 1 - NAS (pptp, openvpn) -> server 2
> (freeradius + mysql as backed)
> I red in documentation about 2 or 3 mysql db and how to do fail-over,
> load-balancing and redundancy, but If I do it like that when freeradius
> server fail, the whole setup is down.
Exactly.
> I want to add another node as second NAS so the things will become like
> this:
>
> node 1 - NAS (pptp, openvpn) -> server 2 AAA (freeradius+mysql)
> node 3 - NAS ( l2tp) -------------^
>
> I want to have redundancy in case server 2 AAA (freeradius + mysql as
> backend) fail, second server 4 AAA to take over with exactly the same
> setup (freeradius + mysql backend).. Should I use freeradius proxy on
> every node??? other solution? So the thigs needs to become like this:
The NASes should do fail-over by listing a primary && secondary RADIUs
server.
> node 1 - NAS (+freeradius proxy?)--| Internet |---server 2 master
> (freeradius+mysql, location ex.US ) node 3 - NAS (+freeradius
> proxy?)--| Internet |---server 4 slave (freeradius+mysql, location
> ex.EU )
>
> I want to have mysql db to be updated (to have mirror copy) on booth
> server 2,4 in real time. The purpose of this set up is redundancy if
> one of the AAA server is down the other one to take over without impact
> over node 1,3 ( temporary user disconnect is acceptable )
See raddb/sites-enabled/copy-acct-to-home-server
> Or may be there is other way to do so?
There are lots of ways to do it.
Alan DeKok.
Martin Lambev
wrote:
> Send Freeradius-Users mailing list submissions to
> freeradi...@lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-u...@lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-...@lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: SQL Counter Escape String ! (Alan DeKok)
> 2. Re: SQL Counter Escape String ! (Suman Dash)
> 3. Re: freeradius failover-through proxy or other way? (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 16 Mar 2011 11:39:54 +0100
> From: Alan DeKok<al...@deployingradius.com>
> Subject: Re: SQL Counter Escape String !
> To: su...@clydontech.com, FreeRadius users mailing list
> <freeradi...@lists.freeradius.org>
> Message-ID:<4D80937A...@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Suman Dash wrote:
>> Hi Alan,
>>
>> Did you managed to look into the issue ?
> No.
>
>> or maybe any hints on how to use DATETIME in Expiration instead of String ?
> Honestly, in 2.1.10, you can just write SELECT statements directly in
> "unlang".
>
> update reply {
> Session-Timeout := "%{sql: SELECT ...}"
> }
>
> Couple that with a few other things, and you should be able to replace
> the sqlcounter module entirely.
>
> i.e. I don't use that module, and I know little or nothing about it.
> I have little time to do anything with it.
>
> Alan DeKok.
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 16 Mar 2011 16:13:49 +0530
> From: Suman Dash<su...@clydontech.com>
> Subject: Re: SQL Counter Escape String !
> To: FreeRadius users mailing list
> <freeradi...@lists.freeradius.org>
> Message-ID:<4D809465...@clydontech.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> Much thanks Alan,
>
> That was some really good advice on how to make the thing work.
>
> So now i have to write unlang statement in preprocess so that it
> directly gives the Session-Timeout . Please correct me if i am wrong.
>
> Thanks Again
> On 3/16/2011 4:09 PM, Alan DeKok wrote:
>> Suman Dash wrote:
>>> Hi Alan,
>>>
>>> Did you managed to look into the issue ?
>> No.
>>
>>> or maybe any hints on how to use DATETIME in Expiration instead of String ?
>> Honestly, in 2.1.10, you can just write SELECT statements directly in
>> "unlang".
>>
>> update reply {
>> Session-Timeout := "%{sql: SELECT ...}"
>> }
>>
>> Couple that with a few other things, and you should be able to replace
>> the sqlcounter module entirely.
>>
>> i.e. I don't use that module, and I know little or nothing about it.
>> I have little time to do anything with it.
>>
>> Alan DeKok.
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:<https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110316/6e29e23e/attachment.html>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 16 Mar 2011 11:50:00 +0100
> From: Alan DeKok<al...@deployingradius.com>
> Subject: Re: freeradius failover-through proxy or other way?
> To: FreeRadius users mailing list
> <freeradi...@lists.freeradius.org>
> Message-ID:<4D8095D8...@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Martin Lambev wrote:
>> After rading all wiki - freeradius, still is not clear to me, is it
>> possible to do failover-through proxy, and how to organize the things
>> that I want to accomplish. Explanation fallow:
> See raddb/proxy.conf.
>
>> Now I have the fallowing setup: node 1 - NAS (pptp, openvpn) -> server 2
>> (freeradius + mysql as backed)
>> I red in documentation about 2 or 3 mysql db and how to do fail-over,
>> load-balancing and redundancy, but If I do it like that when freeradius
>> server fail, the whole setup is down.
> Exactly.
>
>> I want to add another node as second NAS so the things will become like
>> this:
>>
>> node 1 - NAS (pptp, openvpn) -> server 2 AAA (freeradius+mysql)
>> node 3 - NAS ( l2tp) -------------^
>>
>> I want to have redundancy in case server 2 AAA (freeradius + mysql as
>> backend) fail, second server 4 AAA to take over with exactly the same
>> setup (freeradius + mysql backend).. Should I use freeradius proxy on
>> every node??? other solution? So the thigs needs to become like this:
> server.
>
>> node 1 - NAS (+freeradius proxy?)--| Internet |---server 2 master
>> (freeradius+mysql, location ex.US ) node 3 - NAS (+freeradius
>> proxy?)--| Internet |---server 4 slave (freeradius+mysql, location
>> ex.EU )
>>
>> I want to have mysql db to be updated (to have mirror copy) on booth
>> server 2,4 in real time. The purpose of this set up is redundancy if
>> one of the AAA server is down the other one to take over without impact
>> over node 1,3 ( temporary user disconnect is acceptable )
> See raddb/sites-enabled/copy-acct-to-home-server
>
>> Or may be there is other way to do so?
> There are lots of ways to do it.
>
> Alan DeKok.
>
>
> ************************************************
Thank you very much Alan,
great guidance, I think proxy.conf+ copy-acct-to-home-server is what I
was looking for...
Do I need to list virtual server(copy-acct-to-home-server) in proxy.conf
home server pool ( probably not)?
and wich one gets priority ( process request form NAS first) is proxing
or copy-acct-to-home-server?
Today I will try that set up and see how it go's .
Best Regards
Martin