freeradius failover-through proxy or other way?

Alan DeKok aland at deployingradius.com
Wed Mar 16 11:50:00 CET 2011


Martin Lambev wrote:
> After rading all wiki - freeradius, still is not clear to me, is it
> possible to do failover-through proxy, and how to organize the things
> that I want to accomplish. Explanation fallow:

  See raddb/proxy.conf.

> Now I have the fallowing setup: node 1 - NAS (pptp, openvpn) -> server 2
> (freeradius + mysql as backed)
> I red in documentation about 2 or 3 mysql db and how to do fail-over,
> load-balancing and redundancy, but If I do it like that when freeradius
> server fail, the whole setup is down.

  Exactly.

> I want to add another node as second NAS so the things will become like
> this:
>
> node 1 - NAS (pptp, openvpn) -> server 2 AAA (freeradius+mysql)
> node 3 - NAS (  l2tp) -------------^
> 
> I want to have redundancy in case server 2 AAA (freeradius + mysql as
> backend) fail, second server 4 AAA to take over with exactly the same
> setup (freeradius + mysql backend).. Should I use freeradius proxy on
> every node??? other solution? So the thigs needs to become like this:

  The NASes should do fail-over by listing a primary && secondary RADIUs
server.

> node 1 - NAS (+freeradius proxy?)--|  Internet  |---server 2 master
> (freeradius+mysql, location ex.US ) node 3 - NAS (+freeradius
> proxy?)--|  Internet  |---server 4 slave (freeradius+mysql, location
> ex.EU )
> 
> I want to have mysql db to be updated (to have mirror copy) on booth
> server 2,4 in real time. The purpose of this set up is redundancy  if
> one of the AAA server is down the other one to take over without impact
> over node 1,3 ( temporary user disconnect is acceptable )

  See raddb/sites-enabled/copy-acct-to-home-server

> Or may be there is other way to do so?

  There are lots of ways to do it.

  Alan DeKok.



More information about the Freeradius-Users mailing list