Virtual Server Pool Problem

manny comp.sci.forum at gmail.com
Fri Jun 8 15:32:03 CEST 2012


Hello all,

I am attempting to set up a FreeRADIUS server to listen only on one IP
address, but have two virtual servers. At the moment I am testing with
simple servers, one that accepts and one that rejects. I have a FreeRADIUS
server that is dependent on another server, and want to provide an alternate
authentication method when the server is down. I sort of have an idea but I
feel far from getting to a working setup. The following is part of my setup
configuration.

listen {
        type = auth
        ipaddr = 192.168.100.251
        port = 1812
        virtual_server = primary
}

listen {
        ipaddr = 192.168.100.251
        port = 1813
        type = acct
        virtual_server = primary
}

server primary {
  authorize {
    update control {
      Auth-Type := Reject
    }
  }
  ...
}

server secondary {
  authorize {
    update control {
      Auth-Type := Accept
    }
  }
}

proxy server {
  default_fallback = yes
}

home_server first {
  type = auth+acct
  ipaddr = 192.168.100.251
  #virtual_server = primary
  port = 1812
  secret = secret
  require_message_authenticator = no
  ...
}

home_server second {
  virtual_server = secondary
  type = auth+acct
  port = 1822
  secret = secret
}

home_server_pool my_auth_failover {
        type = fail-over
        home_server = first
        home_server = second
}


This is the result from radtest:

[root@chive raddb]# radtest test test123 192.168.100.251 1812 secret
Sending Access-Request of id 239 to 192.168.100.251 port 1812
        User-Name = "test"
        User-Password = "test123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 192.168.100.251 port 1812, id=239,
length=20
[root@chive raddb]#

This is the result after I use radmin to set home_server as dead (set
home_server state 192.168.100.251 812 dead):

[root@localhost raddb]# radtest test test123 192.168.100.251 1812 secret
Sending Access-Request of id 1 to 192.168.100.251 port 1812
        User-Name = "test"
        User-Password = "test123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 192.168.100.251 port 1812, id=1,
length=20
[root@localhost raddb]#

It is my understanding that once a home_server is dead, it tries the next
one, but here I see that port 1812 is still used instead of 1822.

Your help is greatly appreciated.

Thanks,
Manny 
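
The following is an added example, not part of the original post and not FreeRADIUS code: a small Python check over the flat proxy stanzas quoted above that reports a home_server_pool no realm refers to, and a home_server whose address and port are the server's own listen socket. It assumes a pool is put into use only through a realm's pool, auth_pool or acct_pool setting; the names parse and lint and the finding labels are hypothetical.

```python
import re
# Constructed sample: the flat proxy stanzas from the post (nested "server" blocks omitted).
SAMPLE = """
listen {
        ipaddr = 192.168.100.251
        port = 1812
        virtual_server = primary
}
home_server first {
  ipaddr = 192.168.100.251
  #virtual_server = primary
  port = 1812
}
home_server second {
  virtual_server = secondary
  port = 1822
}
home_server_pool my_auth_failover {
        home_server = first
        home_server = second
}
"""

BLOCK = re.compile(r"^\s*(\w+)[ \t]*([\w.-]*)[ \t]*\{(.*?)^\s*\}", re.S | re.M)
ITEM = re.compile(r"^\s*([\w-]+)\s*:?=\s*(\S+)", re.M)

def parse(text):
    """Return [(kind, name, [(key, value), ...])] for non-nested stanzas."""
    return [(k, n, ITEM.findall(body)) for k, n, body in BLOCK.findall(text)]

def lint(text):
    """Return sorted (finding, stanza_name) pairs; finding labels are made up here."""
    stanzas = parse(text)
    listeners = {(dict(i).get("ipaddr"), dict(i).get("port"))
                 for k, _, i in stanzas if k == "listen"}
    # Assumption: only a realm's pool/auth_pool/acct_pool puts a pool into use.
    used = {v for k, _, i in stanzas if k == "realm"
            for key, v in i if key in ("pool", "auth_pool", "acct_pool")}
    findings = []
    for kind, name, items in stanzas:
        d = dict(items)
        if kind == "home_server_pool" and name not in used:
            findings.append(("pool-not-referenced-by-realm", name))
        if (kind == "home_server" and "virtual_server" not in d
                and (d.get("ipaddr"), d.get("port")) in listeners):
            findings.append(("home-server-is-own-listener", name))
    return sorted(findings)

print(lint(SAMPLE))
```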
