Adding a NAS via SQL
Claudiu Filip
claudiu at globtel.ro
Tue Jul 31 13:52:31 CEST 2007
Hi Santiago,
Tuesday, July 31, 2007, 11:21:36 AM, you wrote:
> I have one question to this, you supposed that RADIUS and DataBase
> services are in the same machine, what happens if these services are
> in several or there are replicate servers?
Most probably you will have the radius and the database on separate
machines. If you have replication or if you have many updates (a farm of
dyndns radius clients) or if you don't want to HUP the server too
often, you will have to create a simple program to just NOTIFY another
application responsible for HUPing the freeradius.
Example from a fantasy world:
== database trigger ============
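CREATE OR REPLACE FUNCTION restart_radiusd() RETURNS TRIGGER AS $rr_rad$
    # Notify the freeradius machine over UDP instead of HUPing locally.
    use IO::Socket;
    my ($sock, $SERVER_IP, $SERVER_PORT);
    $SERVER_IP   = '1.2.3.4';
    $SERVER_PORT = 1818;
    $sock = IO::Socket::INET->new(Proto    => 'udp',
                                  PeerPort => $SERVER_PORT,
                                  PeerAddr => $SERVER_IP);
    # Do not abort the INSERT/UPDATE/DELETE if the socket cannot be created.
    if (!$sock) {
        elog(WARNING, "restart_radiusd: cannot create UDP socket: $@");
        return;
    }
    $sock->send("please restart");
    return;
$rr_rad$ LANGUAGE plperlu;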
===============================
This trigger will send a UDP packet to 1.2.3.4:1818 with the text
"please restart". On the 1.2.3.4 end, we'll have a little gipsy opening
the door every min_restart_interval seconds to check for stickies..
He's very sensitive and we must be polite to him.
== freeradius machine =========
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

my ($server, $request, $server_port, $min_restart_interval, $need_to_restart, $msg_max_length, $message);
$min_restart_interval = 300;   # seconds between checks of the restart flag
$server_port          = 1818;
$need_to_restart      = 0;
$msg_max_length       = 1024;

$server = IO::Socket::INET->new(LocalPort => $server_port, Proto => "udp")
    or die "Couldn't bind udp server on port $server_port : $@\n";

# Every $min_restart_interval seconds: HUP radiusd if a request arrived,
# then clear the flag and re-arm the timer.
$SIG{ALRM} = sub {
    if ($need_to_restart == 1) {
        system("/usr/bin/sudo /usr/bin/killall -HUP radiusd");
        $need_to_restart = 0;
    }
    alarm $min_restart_interval;
};
alarm $min_restart_interval;

# Receive datagrams forever; a matching one only sets the flag.
while (1) {
    $request = $server->recv($message, $msg_max_length);
    $need_to_restart = 1 if ($message =~ /please/);
}
===============================
In the real world, you also have many other ways, like using ssh, RPC,
rsh... If you are paranoid about opening a port, I guess you can
also make freeradius shoot itself in the leg by using rlm_exec and
%{Client-IP-Address}.
Best regards,
Claudiu Filip
@: claudiu at globtel.ro
Http://www.globtel.ro
T:+40344880100
F:+40344880113
>>My advice is to create a database trigger on INSERTs, UPDATEs,
>>DELETEs.
>>For example, my postgresql trigger written in plperlu:
>>
>>CREATE OR REPLACE FUNCTION restart_radiusd() RETURNS TRIGGER AS $rr_rad$
>> system("/usr/bin/sudo /usr/bin/killall -HUP radiusd");
>> return;
>>$rr_rad$ LANGUAGE plperlu;
>>DROP TRIGGER IF EXISTS need_to_restart_radiusd ON nas_table;
>>CREATE TRIGGER need_to_restart_radiusd AFTER INSERT OR UPDATE OR DELETE ON nas_table
>>FOR EACH STATEMENT EXECUTE PROCEDURE restart_radiusd();
More information about the Freeradius-Users
mailing list
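
The listener in the message above sets its restart flag for any datagram matching /please/, whoever sent it. As an added example (not part of the original post and not FreeRADIUS code), the Perl below builds and checks an authenticated notice instead: an HMAC-SHA256 over a timestamp, a sender address check, and a freshness and replay guard. The shared key, the database host address 192.0.2.10, the 30-second skew and the names make_notice, ct_eq and check_notice are assumptions.

```perl
# Added example, not from the original post: authenticated restart notice.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed values (placeholders): provision the same key on both hosts.
my $KEY      = 'replace-with-random-shared-secret';
my $DB_HOST  = '192.0.2.10';   # address the trigger sends from
my $MAX_SKEW = 30;             # seconds of clock skew tolerated

# Sender side: what the trigger would send instead of "please restart".
sub make_notice {
    my ($key, $now) = @_;
    my $body = "restart $now";
    return $body . ' ' . hmac_sha256_hex($body, $key);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Receiver side: returns the accepted timestamp, or undef if rejected.
# $last_ts is the newest timestamp already accepted (replay guard).
sub check_notice {
    my ($key, $msg, $peer_ip, $now, $last_ts) = @_;
    return unless $peer_ip eq $DB_HOST;
    my ($ts, $mac) = $msg =~ /\Arestart (\d{1,12}) ([0-9a-f]{64})\z/ or return;
    return unless ct_eq($mac, hmac_sha256_hex("restart $ts", $key));
    return if abs($now - $ts) > $MAX_SKEW || $ts <= $last_ts;
    return $ts;
}

# Constructed demo values. In the listener, $peer_ip would come from
# $server->peerhost after recv, and $now from time().
my $now  = 1_185_883_951;
my $good = make_notice($KEY, $now);
for my $case (
    [ 'valid',        $good,            $DB_HOST,       $now + 2,   0    ],
    [ 'wrong sender', $good,            '198.51.100.7', $now + 2,   0    ],
    [ 'plain text',   'please restart', $DB_HOST,       $now + 2,   0    ],
    [ 'stale',        $good,            $DB_HOST,       $now + 600, 0    ],
    [ 'replayed',     $good,            $DB_HOST,       $now + 2,   $now ],
) {
    my ($name, @args) = @$case;
    printf "%-14s %s\n", $name, defined(check_notice($KEY, @args)) ? 'accept' : 'reject';
}
```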