Question

Dennis Skinner dskinner at bluefrog.com
Tue Aug 8 19:57:46 CEST 2006


Scott Hughes wrote:
> Does Freeradius have the ability to use multiple nodes in similar
> fashion to name servers?  An example of this would be a situation when
> the master freeradius server is down for some reason, but the slave
> freeradius server(s) continue to grant & deny access but do not receive
> any updates until the master is back up.

Yes, radius does this, but it is done on the client end which is why you
can't find any docs for it.  Clients are generally setup with primary
and secondary radius servers that they talk to.  When they don't hear
from one within a set time, they try the other.

Radius servers can also proxy to other radius servers (ie act as client)
so have a look at the proxy.conf file.  That may answer some of your
questions.

Not sure what you mean by updates....do you mean accounting requests?
See the proxy.conf.  You can send accounting requests wherever you want.
 Generally they go to the same server as the auth requests and fail over
to secondary just like auth.

Keep in mind that radius accounting is not guaranteed.  We are talking
UDP and while there is some checking, accounting requests can get lost.
 So if the primary server is the only one to accept accounting requests,
if that server goes down, you will have missing data.  The client won't
store them and wait for the primary to come back.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com



More information about the Freeradius-Users mailing list