two freeradius servers - question for advice

Matthew Newton mcn4 at leicester.ac.uk
Fri Apr 1 13:43:00 CEST 2016


On Fri, Apr 01, 2016 at 07:23:21AM -0400, Alan DeKok wrote:
> On Apr 1, 2016, at 2:59 AM, Marcin <marcin at nicram.net> wrote:
> > I'm going to check authenticate in db and if if failed get user from files
> > (created in background).
> 
> Hmm... that would work, I guess.. buy you'd need a cron job (or something similar) to regularly dump the DB to files.
> 
> Though the next question is "If the files are up to date, why use a database?"

Exactly. Much faster to check files first, and if that fails then
fall back to checking database in case the user has been added
since the files were last updated.

But you may as well just dump the database tables to a file every
5 minutes and check that only. Not quite real time but near
enough, and resilient if the database goes down.

As Alan says, HA is complex, and not just limited to the
FreeRADIUS part. You have to understand and design the whole stack
top to bottom, and know what the different failure modes are[0].

Matthew



[0] for example, including dump db tables to a temporary file, and
only move over the live file if the dump completed sucessfully.

-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list