two freeradius servers - question for advice

Alan DeKok aland at deployingradius.com
Fri Apr 1 13:23:21 CEST 2016


On Apr 1, 2016, at 2:59 AM, Marcin <marcin at nicram.net> wrote:
> I'm going to start two freeradius servers to authenticate PPPoE users, both
> independent of the other. First as primary and second as secondary. I'm
> going to start PostgreSQL server also, but in case of unavailability of sql
> server freeradius server must work properly.

  What does that mean?

  It's always a red flag for me when people say vague things like "it must work properly".  Computers aren't magic.  They don't know your intention, or your requirements.

> Both freeradius have to have actual data of already logged users to provide
> simultaneous use.

  i.e. The databases have to replicate data to each other.  Or, each server has to write to both databases.

  Database replication is complex.  You really need to have a good understanding of the systems (and their failure modes) before implementing it.

> I'm going to check authenticate in db and if it failed get user from files
> (created in background).

  Hmm... that would work, I guess.. but you'd need a cron job (or something similar) to regularly dump the DB to files.

  Though the next question is "If the files are up to date, why use a database?"

> Accounting I'm going to do with linelog and afterwards put into database.

  The server already supports writing and reading "detail" files into the DB.  It doesn't support reading "linelog" entries.

> I need advice from you, more advanced users than me. How to achieve that HA
> and avablitity.

  The short solution is to set up two independent servers.  Each reads and writes to their own DB.  Then, each replicates accounting traffic to the other.  There are examples of this in raddb/sites-available/

  The longer answer is that HA is a complicated configuration.  It's really not possible to describe all of the possibilities, problems, and solutions in a short email.  You have to understand all of the pieces, and understand the trade-offs each solution has.

  To be honest, for less than 10K users, you just don't need HA.  Run one server, and make sure it stays up.

  Alan DeKok.
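
The periodic "dump the DB to files" job mentioned in the reply above, as an added example (not code from this thread or from the FreeRADIUS project): it renders rows shaped like the stock `radcheck` / `radreply` tables into "users" file entries and publishes the file with an atomic rename. Assumptions: the rows have already been fetched from the database (the sample rows are constructed), every value is written as a double-quoted string, and the function names and target path are hypothetical.

```python
import os
import tempfile

# Characters rejected rather than escaped (a conservative choice for this
# example), so no database value can alter the structure of the file.
UNSAFE = set('"\\%\n\r')

def render_users(check_rows, reply_rows):
    """Render (username, attribute, op, value) rows as "users" file entries."""
    def group(rows):
        grouped = {}
        for user, attr, op, value in rows:
            if not user or any(c.isspace() or c in '#",' for c in user):
                raise ValueError(f"unsafe username: {user!r}")
            if UNSAFE & set(value):
                raise ValueError(f"unsafe value for {user}/{attr}")
            grouped.setdefault(user, []).append(f'{attr} {op} "{value}"')
        return grouped
    checks, replies = group(check_rows), group(reply_rows)
    lines = []
    for user in sorted(checks):  # users without check items are not written
        lines.append(f"{user}\t" + ", ".join(checks[user]))
        if user in replies:  # reply items go on indented continuation lines
            lines.append("\t" + ",\n\t".join(replies[user]))
        lines.append("")
    return "\n".join(lines)

def publish(path, text):
    """Replace path atomically so the server never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the file with mode 0600: it holds cleartext passwords,
    # so the job must run as the user the RADIUS server reads the file as.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".users.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)  # atomic rename within one filesystem
    except BaseException:
        os.unlink(tmp)  # a failed run leaves the previous dump in place
        raise

# Constructed sample rows, shaped like the radcheck / radreply tables.
SAMPLE_CHECK = [("alice", "Cleartext-Password", ":=", "s3cret")]
SAMPLE_REPLY = [("alice", "Framed-IP-Address", "=", "10.0.0.10"),
                ("alice", "Framed-Protocol", "=", "PPP")]

if __name__ == "__main__":
    print(render_users(SAMPLE_CHECK, SAMPLE_REPLY))
```

If rendering raises, nothing is published and the server keeps using the last good file.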
