Re: JRS - Proxying v2

Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> · Sat, 07 Apr 2007 00:03:00 +0100

  Longer, but more configurable.

  As of Thursday's CVS, one of the "type" options for a server_pool is
"type = client_balance", which maps N clients to one home server.  It's
not as good as real load balancing, but much less work than tracking
individual EAP sessions.
...

Very nice feature :)

Though using todays CVS (head revision for radiusd, checked out about 3 

hours) , I still get Unknown type "client_balance".

Also it doesn't let me put multiple servers in a server pool, and dies 

on runtime with

/usr/local/freeradius-cvs060407/etc/raddb/radiusd.conf[147]: Ignoring 

duplicate home server jrs1_auth.

  I hope not.  An accounting pool needs to reference accounting servers,
not authentication servers.  Maybe I missed one sanity check.  If so,
I'll fix that.

Oh typo on my part, though yes might be good to check all the servers in 

the server pool are of the same type,

and that accounting pools are not used for acct_pool declarations in 

realms and likewise for auth.

  You'll have to specify a username && password, too.

Yes, just realised that :)

  Many of these new configuration options can be left at the defaults.

Yes.

Very long, but I can see the advantages :
  Yes.

  If many home servers are intended to be identical, it may be worth
referencing the configuration from one to another, maybe via some kind
of template.  That would make it just as flexible, but less typing.

Revised JRS 2
janet_servers {
       server0 = roaming0.ja.net
       server1 = roaming1.ja.net
       server2 = roaming2.ja.net
       secret = theirkey
}
##############
# Server Pools
#
realm jrs {
       auth_pool = jrs_auth_cb
       acct_pool = jrs_acct_cb
       nostrip
}

##############
# Server Pools
#
server_pool jrs_auth_cb {
               home_server = jrs0_auth
              #home_server = jrs1_auth
              #home_server = jrs2_auth
               type = fail-over
              #type = client_balance
}
server_pool jrs_acct_cb {
               home_server = jrs0_acct
              #home_server = jrs1_acct
              #home_server = jrs2_acct
               type = fail-over
              #type = client_balance
}
##############
# Home Servers

home_server jrs0_auth {
               hostname = ${janet_servers.server0}
               $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs0_acct {
               hostname = ${janet_servers.server0}
               $INCLUDE ${confdir}/jrs.acct.conf
}
home_server jrs1_auth {
               hostname = ${janet_servers.server1}
               $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs1_acct {
               hostname = ${janet_servers.server1}
               $INCLUDE ${confdir}/jrs.acct.conf
}
home_server jrs2_auth {
               hostname = ${janet_servers.server2}
               $INCLUDE ${confdir}/jrs.auth.conf
}
home_server jrs2_acct {
               hostname = ${janet_servers.server2}
               $INCLUDE ${confdir}/jrs.acct.conf
}