Question
Scott Hughes
scott at renshawauto.com
Tue Aug 8 20:19:59 CEST 2006
Thanks for the great answers. To clarify the "updates" part of my original
message, I was referring to when a new user was added. In other words, like
a DNS structure, when a new entry into a domain is added (i.e. new mail
server), the admin would add it to the master server, then that master
server would send the update to the slave servers.
Stefan actually answered that question when he made the following comment:
"Just setup the server twice (ideally both using _one_ authentication
backend, e.g. a mySQL db on a different host that both can access) and tell
your client devices about it."
Thanks again!
Scott
-----Original Message-----
From: freeradius-users-bounces+scott=renshawauto.com at lists.freeradius.org
[mailto:freeradius-users-bounces+scott=renshawauto.com at lists.freeradius.org]
On Behalf Of Dennis Skinner
Sent: Tuesday, August 08, 2006 12:58 PM
To: FreeRadius users mailing list
Subject: Re: Question
Scott Hughes wrote:
> Does Freeradius have the ability to use multiple nodes in similar
> fashion to name servers? An example of this would be a situation when
> the master freeradius server is down for some reason, but the slave
> freeradius server(s) continue to grant & deny access but do not receive
> any updates until the master is back up.
Yes, radius does this, but it is done on the client end which is why you
can't find any docs for it. Clients are generally setup with primary
and secondary radius servers that they talk to. When they don't hear
from one within a set time, they try the other.
Radius servers can also proxy to other radius servers (ie act as client)
so have a look at the proxy.conf file. That may answer some of your
questions.
Not sure what you mean by updates....do you mean accounting requests?
See the proxy.conf. You can send accounting requests wherever you want.
Generally they go to the same server as the auth requests and fail over
to secondary just like auth.
Keep in mind that radius accounting is not guaranteed. We are talking
UDP and while there is some checking, accounting requests can get lost.
So if the primary server is the only one to accept accounting requests,
if that server goes down, you will have missing data. The client won't
store them and wait for the primary to come back.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list