Robust Authentication Proxying
Philip Molter
hrunting at hrunting.org
Sat Jul 11 23:37:39 CEST 2009
On Jul 11, 2009, at 3:55 PM, Ivan Kalik wrote:
>>> I think that you are going about it the wrong way. You wont proxy to
>>> pretend that home server has not gone down. How about this - instead
>>> of a
>>> group of stand-alone load-balanced home servers create a (true) high
>>> availability cluster. If your home server is always available this
>>> issue
>>> doesn't come up. And your customer always gets a response.
>>
>> Well, if I get the proxy handling to function the way I am
>> envisioning, I effectively create a high-availability cluster with
>> the
>> proxy as my availability manager. :)
>
> As you have seen it's not straightforward.
>
>> Second, those home servers are
>> incredibly cheap and easily replaceable. A high-availability cluster
>> probably would not be.
>
> Ahem. It can be just as cheap, since you probably already have it.
>
> http://www.linux-ha.org/
Linux HA is a great project. If I was only dealing with a local
situation, I would consider it. My solution is going to be working
with my home servers, but also home servers beyond my control. I did
not mean to imply I am trying to implement an HA RADIUS cluster
through this discussion. I am not. It is just a side-effect of the
process.
Given what Alan's talked above, I believe I have a very small patch
that allows for more flexible handling of no-response situations.
Hopefully it will a) work and b) be palatable to the freeradius team.
Philip
More information about the Freeradius-Users
mailing list