Question about SQL fail open in post-auth and keyed-balance use in load balancing configuration
Alan DeKok
aland at deployingradius.com
Mon Nov 24 17:55:30 CET 2014
John Douglass wrote:
> Question 1: I thought I once read how to add this "fail open" in regards
> to using an SQL module. I have a table that gets updated after an auth,
> but if the DB is slow or there is a network issue, I want it to go on.
> It's not vital to auth the user, just using it as a "location update" of
> sorts.
>
> Is this the correct configuration for this behavior?
>
> post-auth {
> redundant {
> sql_location
> handled
> }
> }
No. You want:
post-auth {
redundant {
sql_location
ok
}
}
The "handled" code means something else.
> Question 2: I am experimenting with load balancing. I read the comments
> about keyed-balance:
Yes... we've seen that text before. There's no need to re-post it to
the list.
> If the username is a bad choice, I figured that the Calling-Station-Id
> (which in my case is the client MAC) would be a way to consistently have
> the same Load-Balance-Key.
>
> I am adding this to my server {} section:
>
> pre-proxy {
> update control {
> Load-Balance-Key := "%{Calling-Station-Id}"
> }
> updated
> }
Which is too late. You've got to update the Load-Balance-Key
attribute *before* the proxying starts. The reason is that the
pre-proxy stage runs after the home server is chosen. This is so that
you can do packet re-writing which is specific to the home server.
And, set the "home_server_pool" to have "type = keyed-balance"
Alan DeKok.
More information about the Freeradius-Users
mailing list