JRS - Proxying v2

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Apr 7 01:03:00 CEST 2007


>   Longer, but more configurable.
>
>   As of Thursday's CVS, one of the "type" options for a server_pool is
> "type = client_balance", which maps N clients to one home server.  It's
> not as good as real load balancing, but much less work than tracking
> individual EAP sessions.
> ...
>   
Very nice feature :)

Though using todays CVS (head revision for radiusd, checked out about 3 
hours) , I still get Unknown type "client_balance".
Also it doesn't let me put multiple servers in a server pool, and dies 
on runtime with

/usr/local/freeradius-cvs060407/etc/raddb/radiusd.conf[147]: Ignoring 
duplicate home server jrs1_auth.

>   I hope not.  An accounting pool needs to reference accounting servers,
> not authentication servers.  Maybe I missed one sanity check.  If so,
> I'll fix that.
>   
Oh typo on my part, though yes might be good to check all the servers in 
the server pool are of the same type,
and that accounting pools are not used for acct_pool declarations in 
realms and likewise for auth.
>   You'll have to specify a username && password, too.
Yes, just realised that :)
>   Many of these new configuration options can be left at the defaults.
>   
Yes.
>> Very long, but I can see the advantages :
>>   Yes.
>>
>>   If many home servers are intended to be identical, it may be worth
>> referencing the configuration from one to another, maybe via some kind
>> of template.  That would make it just as flexible, but less typing.
Revised JRS 2
janet_servers {
        server0 = roaming0.ja.net
        server1 = roaming1.ja.net
        server2 = roaming2.ja.net
        secret = theirkey
}
##############
# Server Pools
#
realm jrs {
        auth_pool = jrs_auth_cb
        acct_pool = jrs_acct_cb
        nostrip
}

##############
# Server Pools
#
server_pool jrs_auth_cb {
                home_server = jrs0_auth
               #home_server = jrs1_auth
               #home_server = jrs2_auth
                type = fail-over
               #type = client_balance
}
server_pool jrs_acct_cb {
                home_server = jrs0_acct
               #home_server = jrs1_acct
               #home_server = jrs2_acct
                type = fail-over
               #type = client_balance
}
##############
# Home Servers

home_server jrs0_auth {
                hostname = ${janet_servers.server0}
                $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs0_acct {
                hostname = ${janet_servers.server0}
                $INCLUDE ${confdir}/jrs.acct.conf
}
home_server jrs1_auth {
                hostname = ${janet_servers.server1}
                $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs1_acct {
                hostname = ${janet_servers.server1}
                $INCLUDE ${confdir}/jrs.acct.conf
}
home_server jrs2_auth {
                hostname = ${janet_servers.server2}
                $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs2_acct {
                hostname = ${janet_servers.server2}
                $INCLUDE ${confdir}/jrs.acct.conf
}




More information about the Freeradius-Users mailing list