Load Balancing EAP with freeradius...

[Phil Mayers]

On 03/23/2011 08:56 PM, Robert Roll wrote:
>
>   I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked at the proxy.conf and it seems
> that there are two options, because you have to insure the same end client talks to the
> same radius server. There seems to be client-balance that uses IP source addresses and

We use client-port-balance. IIRC this is the recommended method for UK 
eduroam sites.

> there is Load-Balance-Key something like
>
>      update control {
>      Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-ID}"
>    }

Huh. Neat. I hadn't seen that.

>
>   Currently, we have a Radiator server that uses client mac-addresses for this purpose. If I do
> want to use the Load-Balance-Key, I'm honestly not sure where to put the update of the
> Load-Balance-Key.. Does it go in the proxy.conf  ?

That's an unlang statement, so it goes in a radius virtual server. Since 
you want to use it for proxying you will have to do it in the 
"authorize" section (or maybe pre-proxy) e.g.

/etc/raddb/sites-enabled/default:

authorize {
   update control {
     Load-Balance-Key = "%{Calling-Station-Id}"
   }
}