Robust Authentication Proxying

Philip Molter hrunting at hrunting.org
Sat Jul 11 23:37:39 CEST 2009


On Jul 11, 2009, at 3:55 PM, Ivan Kalik wrote:

>>> I think that you are going about it the wrong way. You wont proxy to
>>> pretend that home server has not gone down. How about this - instead
>>> of a
>>> group of stand-alone load-balanced home servers create a (true) high
>>> availability cluster. If your home server is always available this
>>> issue
>>> doesn't come up. And your customer always gets a response.
>>
>> Well, if I get the proxy handling to function the way I am
>> envisioning, I effectively create a high-availability cluster with  
>> the
>> proxy as my availability manager. :)
>
> As you have seen it's not straightforward.
>
>> Second, those home servers are
>> incredibly cheap and easily replaceable.  A high-availability cluster
>> probably would not be.
>
> Ahem. It can be just as cheap, since you probably already have it.
>
> http://www.linux-ha.org/

Linux HA is a great project.  If I was only dealing with a local  
situation, I would consider it.  My solution is going to be working  
with my home servers, but also home servers beyond my control.  I did  
not mean to imply I am trying to implement an HA RADIUS cluster  
through this discussion.  I am not.  It is just a side-effect of the  
process.

Given what Alan's talked above, I believe I have a very small patch  
that allows for more flexible handling of no-response situations.   
Hopefully it will a) work and b) be palatable to the freeradius team.

Philip



More information about the Freeradius-Users mailing list