Load Balancing EAP with freeradius...

Robert Roll Robert.Roll at utah.edu
Thu Mar 24 01:22:45 CET 2011


Thanks,

 I put the update Load-Balance-Key right at the top of the authorize section in
the ../sites-enabled/default...

 that seems to be working pretty well...

 I'll look more at the client-port-balance ...

thanks,

Robert

________________________________________
From: freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org [freeradius-users-bounces+robert.roll=utah.edu at lists.freeradius.org] On Behalf Of Phil Mayers [p.mayers at imperial.ac.uk]
Sent: Wednesday, March 23, 2011 3:47 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: Load Balancing EAP with freeradius...

On 03/23/2011 08:56 PM, Robert Roll wrote:
>
>   I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked at the proxy.conf and it seems
> that there are two options, because you have to insure the same end client talks to the
> same radius server. There seems to be client-balance that uses IP source addresses and

We use client-port-balance. IIRC this is the recommended method for UK
eduroam sites.

> there is Load-Balance-Key something like
>
>      update control {
>      Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-ID}"
>    }

Huh. Neat. I hadn't seen that.

>
>   Currently, we have a Radiator server that uses client mac-addresses for this purpose. If I do
> want to use the Load-Balance-Key, I'm honestly not sure where to put the update of the
> Load-Balance-Key.. Does it go in the proxy.conf  ?

That's an unlang statement, so it goes in a radius virtual server. Since
you want to use it for proxying you will have to do it in the
"authorize" section (or maybe pre-proxy) e.g.

/etc/raddb/sites-enabled/default:

authorize {
   update control {
     Load-Balance-Key = "%{Calling-Station-Id}"
   }
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list