Can FAQ 6.10 please be fixed?

Jens Dreger jens.dreger at physik.fu-berlin.de
Thu Nov 8 15:05:19 CET 2007


On Thu, Nov 08, 2007 at 11:24:36AM +0100, Alan DeKok wrote:
> Jens Dreger wrote:
> > is simply no longer true. Checked the source: that option is gone. I
> > really really think that option should be there, though.
> 
>   It's not only hard to do, it can cause problems.
> 
>   i.e. opening *double* the connections to your SQL server.  That may be
> an issue.
>
> > I know there
> > is a shell script that starts a second server on a different port and
> > waits to see if it starts successfully. But that's also broken since
> > the -p option doesn't seem to work in all cases:
> 
>   In CVS head and in 1.1.x, you need to do '-i' and '-p' together.
> 
> > Also, that approach is somewhat ridiculous considering the importance
> > of the radius server in our case.
> 
>   Yes.  But please understand that this is *not* apache.  FreeRADIUS has
> 1% (or less) of the resources that the apache team has.  And, the
> integration between RADIUS and databases is *much* stronger and more
> important than Apache.
> 
>   i.e. Apache can handle HUP && reload its configuration because it
> doesn't *do* anything.  It doesn't cache connections.  It doesn't
> maintain a large number of connections to databases, etc.  It can afford
> to start up a completely brand new instance of itself from scratch,
> because there are almost no side-effects to doing so.
> 
>   In contrast, FreeRADIUS has to keep packet caches.  It usually has
> large numbers of connections to databases, etc.

Ok, maybe I should rephrase my question: I'm not so much interested in
the HUP part, but the check-config part. I'm perfectly happy with
stopping and starting the radius-server IF I can make sure it will
succeed with the new config. I'm only changing the users file and
have no database connections at all so this should be doable. A tool
like radiusd-chkconfig (like bind offers) would probably be the right
thing.

I understand however that in a more complicated setup HUPs might be
problematic. 
 
>   You can update the script to add "-i 127.0.0.1" to it.  After that it
> *should* work, so long as you don't have limits on the number of
> database connections, etc.

...or hit a used port by accident. This script is just not an elegant
solution. I guess I'll just have to keep two servers running on
different IPs and check if the test-server crashes with the new users
file before restarting the main server.

> > I tried to change the Wiki entry but apparently I don't have permission
> > to do so.
> 
>   Sign up for an account.  It's not open because of the massive volume
> of spammers who were attacking it.

I tried. 'Create Account' just gives me a login screen with no way
to create an account. Am I missing something?

Regards,

Jens.

-- 
Jens Dreger                      Freie Universitaet Berlin
dreger at physik.fu-berlin.de       Fachbereich Physik - ZEDV
Tel: +49 30 83854774             Arnimallee 14
Fax: +49 30 83855902	         14195 Berlin
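
The start-a-test-server check discussed in this message, sketched as an added example that is not part of the original post or of FreeRADIUS: a candidate users file is tried on a separate test config tree bound to 127.0.0.1, and copied into the live directory only if the test server stays up. The variable names, the test port, the `/etc/raddb-test` tree and the use of `-f` and `-d` are assumptions about the local installation.

```shell
#!/bin/sh
# Added example, not from the thread. RADIUSD, RADDB, TEST_RADDB, TEST_PORT
# and WAIT are assumed names; TEST_RADDB is assumed to be a separate config
# tree whose radiusd.conf reads the users file from TEST_RADDB itself.
RADIUSD=${RADIUSD:-radiusd}
RADDB=${RADDB:-/etc/raddb}
TEST_RADDB=${TEST_RADDB:-/etc/raddb-test}
TEST_PORT=${TEST_PORT:-18120}
WAIT=${WAIT:-3}

# Start a throwaway foreground server on 127.0.0.1:TEST_PORT using config
# directory $1 ('-i' and '-p' are given together, which the reply quoted in
# the thread says is needed in CVS head and 1.1.x).
# Returns 0 if it is still running after WAIT seconds, 1 if it exited.
# A busy TEST_PORT should also make it exit, so that counts as a failure.
config_starts() {
    "$RADIUSD" -f -d "$1" -i 127.0.0.1 -p "$TEST_PORT" >/dev/null 2>&1 &
    pid=$!
    sleep "$WAIT"
    if kill -0 "$pid" 2>/dev/null; then
        { kill "$pid"; wait "$pid"; } 2>/dev/null || true
        return 0
    fi
    wait "$pid" 2>/dev/null || true
    return 1
}

# Try candidate users file $1 on the test tree; install it into RADDB only if
# the test server stayed up. Returns 0 installed, 1 rejected, 2 copy error.
install_users() {
    cp "$1" "$TEST_RADDB/users" || return 2
    config_starts "$TEST_RADDB" || return 1
    # Write beside the live file, then rename, so a partial file is never read.
    cp "$1" "$RADDB/users.new" && mv "$RADDB/users.new" "$RADDB/users" || return 2
}

# Typical use: install_users /path/to/new-users && restart the main server.
```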


