Execution of rlm code when remote server is not responding.

Thu Sep 27 13:32:52 CEST 2012

On Thu, Sep 27, 2012 at 4:29 PM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:

> On 27/09/12 11:22, Arka Sharma wrote:
>
>> Hi,
>>
>>             I have a remote PPS server where I am proxying radius
>> requests coming from the NAS. I have a requirement like when that remote
>> PPS goes down(which I am simulating by setting a wrong ip in proxy.conf
>> realm configuration) then I have to perform a certain task in rlm
>>
>
> What task? Does it have to be in "rlm" code? Because "rlm" code only runs
> in response to packets, not server-down events.
>
> Thanks a lot Phil for your reply.Now actually in my rlm code I want to set
a flag to mark the vent of server went down and invoke a java code using
JNI that is part of rlm.

>
>  code.But my observation is when I am setting a dummy ip for PPS, the
>> radius server running on my machine is marking that remote server as
>> zombie after 3 retries,now I want in this case that my rlm code to
>> execute and handle the scenario when remote server is down.Any help will
>> be highly appreciated.Also I may have used some naive terminology being
>> a newbie apologizing for that.
>>
>
> You've got a couple of options to respond to a down proxy.
>
> 1. In the "master" branch, there is support for "triggers" - see
> raddb/trigger.conf. This can execute a script when a home server goes down
> or up, and can obviously do anything you want
>
> Can you please elaborate.I searched the file "trigger.conf" using "find /
-name trigger.conf" but did not get anything.Do I need to create it by my
own.

> 2. In all recent versions, you can use "radmin" from cron to poll home
> server status, and respond based on status change e.g.
>
> radmin -n eduroam -e 'show home_server list'
>
> ...you can run this in a loop
>
>
> In the proxy.conf I have old style realm configuration.Ip's for
authorization and accounting hosts in the realm section.

> It's possible you could do something in the "post-proxy" section like so:
>
> post-proxy {
>   Post-Proxy-Type Fail {
>   }
> }
>
I was looking into default.original in sites-enabled for this.Can you give
me some examples for this ?

>
> ...but I think this only runs for *real* requests, not the internal server
> probes, so you'll need to inject frequent test requests using "radclient"
> or similar. You also don't know *which* home server failed, so will still
> need to use "radmin" in a script to find this out (maybe it would be useful
> for this to be a control attribute added to the failing request).
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120927/ef1d20c3/attachment.html>