FreeRADIUS + LVS problem
Alan DeKok
aland at deployingradius.com
Mon Feb 19 14:27:47 CET 2007
Nicolas Baradakis wrote:
> I see one advantage to use Access-Request "pings": I can test both the
> RADIUS server and the MySQL backend with a single check.
Yes.
> A FreeRADIUS proxy uses real users to ping the RADIUS servers, and
> that's troublesome for the reasons outlined in your draft. Keepalived
> deals with the problem differently: you can setup a special account to
> run the monitor checks. Therefore you don't really care whether the
> statistics of the user keepalived at realm.net are wrong.
That's for strictly local testing. I would suggest allowing this only
from localhost, or with certain VSA's that will never come in a RADIUS
packet.
I'll add a paragraph about this situation.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list