freeradius failover-through proxy or other way?

Martin Lambev fsh3mve at gmail.com
Thu Mar 17 14:09:47 CET 2011


On 03/16/2011 07:00 PM, freeradius-users-request at lists.freeradius.org 
wrote:
> Message: 1
> Date: Wed, 16 Mar 2011 11:39:54 +0100
> From: Alan DeKok<aland at deployingradius.com>
> Subject: Re: SQL Counter Escape String !
> To: suman at clydontech.com,	FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:<4D80937A.5010808 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Suman Dash wrote:
>>   Hi Alan,
>>
>> Did you manage to look into the issue?
>    No.
>
>> or maybe any hints on how to use DATETIME in Expiration instead of String ?
>    Honestly, in 2.1.10, you can just write SELECT statements directly in
> "unlang".
>
> 	update reply {
> 		Session-Timeout := "%{sql: SELECT ...}"
> 	}
>
>    Couple that with a few other things, and you should be able to replace
> the sqlcounter module entirely.
>
>    i.e. I don't use that module, and I know little or nothing about it.
> I have little time to do anything with it.
>
>    Alan DeKok.
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 16 Mar 2011 16:13:49 +0530
> From: Suman Dash<suman at clydontech.com>
> Subject: Re: SQL Counter Escape String !
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:<4D809465.2050204 at clydontech.com>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> Much thanks Alan,
>
> That was some really good advice on how to make the thing work.
>
> So now I have to write unlang statement in preprocess so that it
> directly gives the Session-Timeout. Please correct me if I am wrong.
>
> Thanks Again
> ------------------------------
>
> Message: 3
> Date: Wed, 16 Mar 2011 11:50:00 +0100
> From: Alan DeKok<aland at deployingradius.com>
> Subject: Re: freeradius failover-through proxy or other way?
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:<4D8095D8.2080101 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Martin Lambev wrote:
>> After reading all wiki - freeradius, still is not clear to me, is it
>> possible to do failover-through proxy, and how to organize the things
>> that I want to accomplish. Explanation follows:
>    See raddb/proxy.conf.
>
>> Now I have the following setup: node 1 - NAS (pptp, openvpn) ->  server 2
>> (freeradius + mysql as backend)
>> I read in documentation about 2 or 3 mysql db and how to do fail-over,
>> load-balancing and redundancy, but If I do it like that when freeradius
>> server fails, the whole setup is down.
>    Exactly.
>
>> I want to add another node as second NAS so the things will become like
>> this:
>>
>> node 1 - NAS (pptp, openvpn) ->  server 2 AAA (freeradius+mysql)
>> node 3 - NAS (  l2tp) -------------^
>>
>> I want to have redundancy in case server 2 AAA (freeradius + mysql as
>> backend) fails, second server 4 AAA to take over with exactly the same
>> setup (freeradius + mysql backend). Should I use freeradius proxy on
>> every node? other solution? So the things need to become like this:
>    The NASes should do fail-over by listing a primary && secondary RADIUS
> server.
>
>> node 1 - NAS (+freeradius proxy?)--|  Internet  |---server 2 master (freeradius+mysql, location ex.US )
>> node 3 - NAS (+freeradius proxy?)--|  Internet  |---server 4 slave (freeradius+mysql, location ex.EU )
>>
>> I want to have mysql db to be updated (to have mirror copy) on both
>> server 2,4 in real time. The purpose of this set up is redundancy  if
>> one of the AAA server is down the other one to take over without impact
>> over node 1,3 ( temporary user disconnect is acceptable )
>    See raddb/sites-enabled/copy-acct-to-home-server
>
>> Or maybe there is other way to do so?
>    There are lots of ways to do it.
>
>    Alan DeKok.
>
>
Thank you very much Alan,
great guidance, I think proxy.conf + copy-acct-to-home-server is what I 
was looking for...

Do I need to list virtual server (copy-acct-to-home-server) in proxy.conf 
home server pool (probably not)?
and which one gets priority (processes request from NAS first), is it proxying 
or copy-acct-to-home-server?

Today I will try that set up and see how it goes.

Best Regards

Martin
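
A sketch of the kind of fail-over pool that raddb/proxy.conf (referenced in the quoted reply) lets you define, added here as an illustration; it is not from the thread or from the FreeRADIUS distribution. The server, pool and realm names, the 192.0.2.x addresses and the secrets are placeholders, and the directives are those of the 2.x proxy.conf format.

```conf
# raddb/proxy.conf (FreeRADIUS 2.x syntax) - illustrative fragment.
# All names, addresses and secrets below are placeholders.

# Primary AAA server ("server 2" in the thread's diagram).
home_server aaa_primary {
	type = auth+acct          # auth on 'port', accounting on 'port + 1'
	ipaddr = 192.0.2.10       # documentation-range address (assumption)
	port = 1812
	secret = CHANGE_ME_PRIMARY   # use a distinct, long secret per server

	# How dead servers are detected and brought back.
	response_window = 20      # seconds to wait before suspecting failure
	zombie_period = 40        # seconds of no replies before marking dead
	status_check = status-server   # probe with Status-Server packets
	check_interval = 30
	num_answers_to_alive = 3  # replies needed before it is used again
}

# Secondary AAA server ("server 4" in the thread's diagram).
home_server aaa_secondary {
	type = auth+acct
	ipaddr = 192.0.2.20
	port = 1812
	secret = CHANGE_ME_SECONDARY

	response_window = 20
	zombie_period = 40
	status_check = status-server
	check_interval = 30
	num_answers_to_alive = 3
}

# fail-over: requests go to the first live home_server in listed order.
home_server_pool aaa_failover {
	type = fail-over
	home_server = aaa_primary
	home_server = aaa_secondary
}

# Realm that selects the pool for both authentication and accounting.
realm aaa.example.org {
	auth_pool = aaa_failover
	acct_pool = aaa_failover
}
```

Each home server must also list the proxying host as a client with the matching shared secret, otherwise the proxied packets are dropped.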


