Run 2 FreeRadius simultanously
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 14 12:33:42 CEST 2007
Alan Dekok wrote:
> Jaume wrote:
>> Can my machine run 2 FreeRadius at the same time? Each FreeRadius in a
>> diferent IP but simultanously in the same CPU and O.S.? Somebody tell
>> me thats possible if each radius is reading from a diferent PATH...
>
> As Josh said, yes.
>
> But why? The server can be configured to listen on multiple IP's and
> ports. The only reason to run two servers is if they're administered by
> completely different people.
We run multiple instances, with each service on a secondary IP and its
own server process; this helps with fault isolation, as well as allowing
development of an appropriate config for new services without disrupting
existing ones (doubly important now that HUP doesn't work).
re: Fault isolation - FreeRadius is a pretty reliable bit of software,
but it's not bug-free. We have an infrequent hang-up of our wireless WPA
instance (and yes, as soon as I have enough info I will report the bug).
Blowing away our entire network (wired ports, vpn, dialup, eduroam)
because that has hung up is not attractive, and multiple processes helps
there.
Running redundant servers doesn't help much in this case for 2 reasons:
first, we've found that Cisco APs are very, very poor at detecting dead
radius servers and moving to the backup; second, it seems to be
malformed data coming from a certain client so if the APs do failover,
the 2nd server hangs up in short order.
Additionally there are certain configurations that are easy to do
individually, but very difficult to combine; though the config unlang in
2.0 should resolve most of the cases I have in mind, and they can be
resolved in 1.1 with careful use of Autz/Acct-Type and early use of a
module that can add request items (hints, huntgroups, rlm_passwd).
More information about the Freeradius-Users
mailing list