one more try to migrate radius proxy to 2.x
Evgeniy Kozhuhovskiy
ugenk at mgts.by
Mon Jun 29 16:40:52 CEST 2009
Hi, all!
My first try to migrate our radius proxy from 1.1.7 to 2.x was when
2.0.4 was just released :) Everything worked OK; the only problem was that
the home server sometimes became dead (once every 5 mins).
The configuration is near default; the only difference is that I have
some unlang code that fixes NAS-IP-Address (in the 1.1.7 config this was
done via rlm_attr_rewrite).
diff -ur between the folder with the freeradius sources and the raddb dir says that
the files that I've modified are:
1) clients.conf (I've added our NAS'es here)
2) proxy.conf, here it is:
proxy server {
    default_fallback = no
}
home_server cboss {
    type = auth+acct
    ipaddr = xx.xx.xx.xx
    port = 1812
    secret = ourcoolsecret
    require_message_authenticator = no
    response_window = 40
    zombie_period = 60
    revive_interval = 120
    # Allowed values: none, status-server, request
    status_check = none
    # username = "test_user_please_reject_me"
    # password = "this is really secret"
    check_interval = 30
    num_answers_to_alive = 3
}
home_server guest {
    type = auth+acct
    ipaddr = 127.0.0.1
    port = 1921
    secret = megasecret
    require_message_authenticator = no
    response_window = 20
    zombie_period = 120
    revive_interval = 120
    # Allowed values: none, status-server, request
    status_check = none
    # username = "test_user_please_reject_me"
    # password = "this is really secret"
    check_interval = 30
    num_answers_to_alive = 3
}
home_server_pool main_pool {
    type = fail-over
    home_server = cboss
}
home_server_pool guest_pool {
    type = fail-over
    home_server = guest
}
realm our_isp_realm.com {
    auth_pool = main_pool
    nostrip
}
realm guest {
    auth_pool = guest_pool
    nostrip
}
realm LOCAL {
}
Also, there are some changes to radius.conf:
-max_requests = 1024
+max_requests = 1024000
-regular_expressions = yes
-extended_expressions = yes
+regular_expressions = no
+extended_expressions = no
- auth = no
+ auth = yes
- reject_delay = 1
+ reject_delay = 2
- status_server = yes
+ status_server = no
- start_servers = 5
+ start_servers = 25
- max_servers = 32
+ max_servers = 64
- max_spare_servers = 10
+ max_spare_servers = 15
- $INCLUDE eap.conf
+# $INCLUDE eap.conf
- exec
+# exec
- expr
+# expr
- expiration
- logintime
+# expiration
+# logintime
- eap {
- ok = return
- }
+# eap {
+# ok = return
+# }
- eap
+ #eap
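Review bot: `max_requests = 1024000` at the top of this diff is a thousand times the 1024 on the removed line, and nothing in the message says why. With only about ten NASes forwarding through this proxy, a value sized to that client count would be easier to reason about. More generally, this diff changes limits, thread pool sizes, reject_delay and status_server all at once, so it would help to revert to the shipped values and reapply the changes one at a time while the zombie markings are being chased, to see which one, if any, affects them.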
in preproxy:
+ $INCLUDE ${sysconfdir}/raddb/fixup.conf
- eap
+ #eap
deb240:/usr/local/freeradius2.1.6/etc# cat raddb/fixup.conf
#nas1
if (NAS-IP-Address == 1.1.1.1) {
    update proxy-request {
        NAS-IP-Address := 2.2.2.1
    }
}
#nas2
if (NAS-IP-Address == 1.1.1.2) {
    update proxy-request {
        NAS-IP-Address := 2.2.2.2
    }
}
and so on, for 10 nas'es
And, logs! :)
deb240:/usr/local/freeradius2.1.6/var/log/radius# cat radius.log |grep zomb |head -1; cat radius.log |grep zomb | tail -1; cat radius.log |grep zomb | wc -l
Mon Jun 29 17:09:40 2009 : Error: PROXY: Marking home server 172.26.0.31 port 1812 as zombie (it looks like it is dead).
Mon Jun 29 17:17:57 2009 : Error: PROXY: Marking home server 172.26.0.31 port 1813 as zombie (it looks like it is dead).
284
Of course, on 1.1.7 (on the same machine) everything works fine.
--
With best regards, Evgeniy Kozhuhovskiy
Leader, Services team
Minsk State Phone Network, RUE Beltelecom.