run more than one radius on single machine
Phil Mayers
p.mayers at imperial.ac.uk
Mon Sep 5 12:50:50 CEST 2011
On 05/09/11 10:06, Fajar A. Nugraha wrote:
> On Mon, Sep 5, 2011 at 3:44 PM, waq<waqqayyum at gmail.com> wrote:
>> Dear,
>>
>> It's my requirement to run more than one radius on a single machine
>
> Why?
>
> Using virtual servers is usually easier. They can listen to different
> IP/port, and have different configuration. See
> sites-available/inner-tunnel for example of using a "listen" section
> inside a virtual server.

There are some reasons. Fault isolation for one - although FreeRADIUS is
pretty reliable, no software is perfect and if you have radius services
of differing levels of criticality (e.g. "vpn access == important",
"802.1x access to local LAN == critical") you might want to prevent one
segfault from affecting another.

We do this

>
>> can anybody help me how to achieve this
>
> If you REALLY want to run multiple instances of radiusd, then
> start by having separate configuration directory (e.g. /etc/raddb,
> /etc/raddb2, and so on) for each instance and call radiusd with "-d"

That is one option.

Another option is to use /etc/raddb/instance.conf as the config file,
and start "radiusd -n instance". This is what we do, and makes the
config management easier if you share a lot of common code.

> parameter. And you'd also need to change some settings on radiusd.conf
> (e.g. raddbdir, run_dir, or possibly just "name"). And you need to
> make sure all of them bind to different IP/port/socket. Last time I
> tried this it works, but the startup script didn't work as expected
> (e.g. it kills both radiusd instances and only start one). Didn't have
> time to look more into it since I didn't need it anymore.
We wrote an instance-aware init script for this. It wasn't hard.
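
Added example, not part of the original message and not FreeRADIUS project code: a pre-start check for the requirement quoted above that every instance binds to a different IP/port. It assumes each instance's config text has been read from its own file, that listen sections use literal port numbers with no nested blocks, and that /etc/services carries the standard RADIUS ports; the instance names and sample configs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample text for hypothetical /etc/raddb/vpn.conf and dot1x.conf.
SAMPLE = {
    "vpn": """
listen {
    type = auth
    ipaddr = 192.0.2.10
    port = 1812   # explicit auth port
}
""",
    "dot1x": """
listen {
    type = auth
    ipaddr = *
    port = 0      # 0 = take the port from /etc/services
}
listen {
    type = acct
    ipaddr = 192.0.2.10
    port = 1813
}
""",
}

# Assumption: /etc/services carries the standard RADIUS ports.
DEFAULT_PORT = {"auth": 1812, "acct": 1813}

def listeners(conf_text):
    """Yield (ipaddr, port) for each listen { } section without nested blocks."""
    text = re.sub(r"#.*", "", conf_text)  # strip comments
    for body in re.findall(r"\blisten\s*\{([^{}]*)\}", text):
        kv = dict(re.findall(r"(\w+)\s*=\s*(\S+)", body))
        port = int(kv.get("port", 0)) or DEFAULT_PORT.get(kv.get("type"), 0)
        yield kv.get("ipaddr", "*"), port

def collisions(configs):
    """Return sorted (port, instance_a, instance_b) tuples that cannot both bind."""
    seen = defaultdict(list)  # port -> [(instance, ipaddr)]
    clashes = set()
    for inst, text in configs.items():
        for ip, port in listeners(text):
            for other, other_ip in seen[port]:
                # Same port clashes when addresses match or either is a wildcard.
                if other != inst and (ip == other_ip or "*" in (ip, other_ip)):
                    clashes.add((port, other, inst))
            seen[port].append((inst, ip))
    return sorted(clashes)
```

Run against the sample, `collisions(SAMPLE)` reports the wildcard auth listener of one instance overlapping the other's port 1812; an init script can refuse to start the second instance when the list is non-empty.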