FreeRADIUS + LVS problem

Alan DeKok aland at deployingradius.com
Mon Feb 19 14:27:47 CET 2007


Nicolas Baradakis wrote:
> I see one advantage to use Access-Request "pings": I can test both the
> RADIUS server and the MySQL backend with a single check.

  Yes.

> A FreeRADIUS proxy uses real users to ping the RADIUS servers, and
> that's troublesome for the reasons outlined in your draft. Keepalived
> deals with the problem differently: you can setup a special account to
> run the monitor checks. Therefore you don't really care whether the
> statistics of the user keepalived at realm.net are wrong.

  That's for strictly local testing.  I would suggest allowing this only
from localhost, or with certain VSA's that will never come in a RADIUS
packet.

  I'll add a paragraph about this situation.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list