NAS list update without restarting radius server.

Pawel Cieplinski pawel at parkandmarine.com
Wed Jan 23 14:00:00 CET 2008


Hi Liran

I think that will have to be a solution. I have also got an idea to run two
instances of the server on one machine on different ports and redirect ports
using iptables, for example:

Radius A listening on ports 1820-1821 

Radius B listening on ports 1822-1823

Variable server_on;

Start script is to run both servers and tell iptables to redirect ports
1812-1813 to 1820-1821.

Variable server_on is set to A;

And "reboot server script" is checking server_on value:

If server_on == A then 
	{ 	reboot server B;
		tell iptables to forward request to server B;
		server_on = B;
	} else {
		reboot server A;
		tell iptables to forward request to server A;
		server_on = A;
	}

Theoretically the non-working server is idle and not taking resources.

The only thing I don't know yet is switching while a request is in progress, e.g.:
a user sends auth_request... gets a response, and we switched servers before
accounting.

It's just an idea, maybe it will be useful to someone.

Pawel Cieplinski



________________________________

	From: freeradius-users-bounces+pawel=parkandmarine.com at lists.freeradius.org
	[mailto:freeradius-users-bounces+pawel=parkandmarine.com at lists.freeradius.org] On Behalf Of liran tal
	Sent: 23 January 2008 12:07
	To: FreeRadius users mailing list
	Subject: Re: NAS list update without restarting radius server.
	
	
	I think that having 2 servers running in master/slave and constantly
	exchanging the roles between them is highly a compromise for reading
	once in a while a cached nas list and updating it every now and then.
	
	The interval to update the nas list can be user defined and will solely
	depend on your system being able to support it. Of course I wouldn't
	recommend doing it every second but a reasonable time is in place
	I think.
	
	Also I'm thinking that like most services in the world changes take effect
	only after a limited time which you can enforce in a policy.
	For example, you tell your users or whomever operates the nas list that
	changes to the nas are affected only after 3 hours and set that time as
	the interval for freeradius to re-build the list.
	
	Very much like that is what happens with DNS record updates for example
	(although for somewhat different reasons) which you have to wait at least
	a couple of hours if not the full 72 hours for the dns records to update
	on servers/routers across the globe.
	
	
	
	Regards,
	Liran Tal.
	
	
	On Jan 23, 2008 12:08 PM, Pawel Cieplinski <pawel at parkandmarine.com> wrote:
	

		I won't be adding NASes, but users will, so I am thinking 0-10 a day.
		
		Linking to a dynamic list using an interval is not a good solution, because I
		will need to wait for the list update after adding a NAS.
		
		The other solution I am thinking of is to run two instances of the server and
		restart them in round robin and use iptables to redirect packets to the actual
		working server.
		
		The goal is to serve radius to a third party as a service, so users will add
		their own NASes, modify them etc. At this stage I cannot really say how many
		times a day I will need a restart, but I am also wondering about the
		following solution:
		
		Run two servers:
		
		Primary and Secondary. Primary will be restarted once a day, and secondary
		every time the NAS list is changed. After adding a NAS, primary will not
		respond (unknown NAS), so the NAS will ask secondary instead. Also, requests
		from other NASes will not be lost because primary is not restarted on NAS list
		change.
		
		What do you think?
		
		
		________________________________
		

		       From: freeradius-users-bounces+pawel=parkandmarine.com at lists.freeradius.org
		       [mailto:freeradius-users-bounces+pawel=parkandmarine.com at lists.freeradius.org] On Behalf Of Marinko Tarlac
		       Sent: 23 January 2008 10:05
		       To: FreeRadius users mailing list
		       Subject: Re: NAS list update without restarting radius server.
		
		
		
		       Well how many times per day do you add nases?
		
		
		       On Jan 23, 2008 10:20 AM, liran tal <liransgarage at gmail.com> wrote:
		
		
		
		               Hey Alan,
		
		
		               On Jan 23, 2008 9:47 AM, Alan DeKok <aland at deployingradius.com> wrote:
		
		
		                       liran tal wrote:
		                       > Maybe freeradius can read the nas list from sql at startup to some
		                       > linked list and this list will be updated every given interval with a query
		                       > to the database.
		
		
		                        It's more complicated than that.  The NASes need to be deleted, too.
		                       And this has to be done without affecting normal server operation.
		
		                        As always, patches are welcome.
		
		
		
		               Well, every given interval a query will run on the database server to get the
		               list of nases and it will build a new linked list based on that and delete
		               the other nodes and free the pointers of those.
		
		               I guess that coming up with a method to check against each nas if it's
		               there or not, and to remove or add it based on a check is do-able
		               but would probably face some efficiency issues where-as I think it
		               would be proper to create a new linked list with whatever nases that
		               query returns and free the previous linked list from memory.
		
		
		               I haven't had a look at the relevant code but it seems quite basic
		               to implement unless I'm over-seeing some critical aspects :-)
		
		               I'll be glad to take a look if you can refer me to the current piece
		               of code where freeradius handles the nas lists read from the database
		               and stores them.
		
		
		               Regards,
		               Liran Tal.
		
		               - 
		               List info/subscribe/unsubscribe? See
		http://www.freeradius.org/list/users.html
		
		
		
		
		-
		List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
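
An added example, not part of the original thread and not FreeRADIUS's own code: the rebuild-and-replace approach liran tal describes above, covering the deletion case Alan DeKok raises. The struct and function names, and the row arrays standing in for the SQL result, are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types and names, not FreeRADIUS's own structures. */
struct nas { char ip[46]; char secret[64]; struct nas *next; };
struct nas_row { const char *ip, *secret; };

/* Constructed sample rows standing in for two successive SQL query results. */
static const struct nas_row rows_v1[] = {{"192.0.2.10", "s1"}, {"192.0.2.11", "s2"}};
static const struct nas_row rows_v2[] = {{"192.0.2.11", "s2b"}, {"192.0.2.12", "s3"}};

static struct nas *nas_head;  /* live list, only touched under nas_lock */
static pthread_mutex_t nas_lock = PTHREAD_MUTEX_INITIALIZER;

static void nas_free(struct nas *n) {
    while (n) { struct nas *next = n->next; free(n); n = next; }
}

/* Build the complete new list off to the side, then swap it in under the lock.
 * On allocation failure the live list is left untouched and -1 is returned. */
int nas_reload(const struct nas_row *rows, size_t count) {
    struct nas *fresh = NULL;
    for (size_t i = 0; i < count; i++) {
        struct nas *n = calloc(1, sizeof *n);
        if (!n) { nas_free(fresh); return -1; }
        strncpy(n->ip, rows[i].ip, sizeof n->ip - 1);
        strncpy(n->secret, rows[i].secret, sizeof n->secret - 1);
        n->next = fresh;
        fresh = n;
    }
    pthread_mutex_lock(&nas_lock);    /* waits for any lookup in progress */
    struct nas *old = nas_head;
    nas_head = fresh;
    pthread_mutex_unlock(&nas_lock);
    nas_free(old);  /* a NAS missing from the new rows is gone from here on */
    return 0;
}

/* Copy the secret out under the lock so no caller keeps a pointer into a
 * list that a later reload may free. Returns 1 if the NAS is known. */
int nas_lookup(const char *ip, char *secret, size_t len) {
    int found = 0;
    if (len == 0) return 0;
    pthread_mutex_lock(&nas_lock);
    for (struct nas *n = nas_head; n && !found; n = n->next)
        if (strcmp(n->ip, ip) == 0) {
            strncpy(secret, n->secret, len - 1);
            secret[len - 1] = '\0';
            found = 1;
        }
    pthread_mutex_unlock(&nas_lock);
    return found;
}
```

A mutex keeps the example short; a read-write lock would let lookups run concurrently with each other while still excluding the swap.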
		





