Redundant Freeradius

[Fajar A. Nugraha]

On Sat, Dec 1, 2012 at 8:37 AM, fknet <ffkammer at conchalnet.com.br> wrote:
> Hello, anyone can help me with this doubt???

Short answer: hire a competent DBA.


Long answer:
Your question was asked so many times already by others. Search the
list archive for details. The short summary is there's no silver
bullet. It depends on what your priorites are, and what kind of
resource you have (e.g. do you have a competent DBA? FR expert? Or
just some newbie-who-only-knows-how-to-install-stuff-using-GUI-or-apt-get?).


>
> Can I replicate the radacc table of mysql database without any problem ???

You can. But if you don't have an expert DBA, you most certainly WILL
have problems. Some things to watch out when going this route:
- make sure you can switch between master and slave. For example, when
the master fails, one of the slaves must became master, either
automatically or manually. And the other slaves (including the
failed-master-who-was-demoted-to-slave-when-it-comes-back-up) must be
able to sync data from the master
- make sure you DON'T have duplicate records (e.g. when using
multi-master scenario) which would prevent replication

Confused? If so, hire a dba. Or spend some time (one month or so) to
learn about it

> Or need I use proxy in freeradius?

You can choose that if you like. This is an alternative where you
don't need db replication. For example, you can have two sets of FR
and db, each FR only connects to each own db. And set it up so that:
- For auth, you need to sync radcheck/reply/etc db manually
- For acct, see examples in raddb/sites-available (e.g.
decoupled-accounting, copy-acct-to-home-server,
robust-proxy-accounting) to have accouting packets distributed to both
FRs

Confused? If so, hire a freeradius expert. Or spend some time (one
month or so) to learn and experiment more.

--
Fajar