two freeradius servers - question for advice

Marcin marcin at nicram.net
Fri Apr 1 13:58:35 CEST 2016


2016-04-01 13:23 GMT+02:00 Alan DeKok <aland at deployingradius.com>:

> On Apr 1, 2016, at 2:59 AM, Marcin <marcin at nicram.net> wrote:
> > I'm going to start two freeradius servers to authenticate PPPoE users, both
> > independent of the other. First as primary and second as secondary. I'm
> > going to start PostgreSQL server also, but in case of unavailability of sql
> > server freeradius server must work properly.
>
>   What does that mean?
>
>   It's always a red flag for me when people say vague things like "it must
> work properly".  Computers aren't magic.  They don't know your intention,
> or your requirements.
>

Yes I know :)



>
> > Both freeradius have to have actual data of already logged users to provide
> > simultaneous use.
>
>   i.e. The databases have to replicate data to each other.  Or, each
> server has to write to both databases.
>
>   Database replication is complex.  You really need to have a good
> understanding of the systems (and their failure modes) before implementing
> it.
>

I don't want to replicate the database.
I want to have as simple a configuration as possible, having two independent
freeradius servers with the same data.


>
> > I'm going to check authenticate in db and if it failed get user from files
> > (created in background).
>
>   Hmm... that would work, I guess.. but you'd need a cron job (or
> something similar) to regularly dump the DB to files.
>


No, I'm going to use cron to generate files for radius from the database if
something was changed in the db.


>
>   Though the next question is "If the files are up to date, why use a
> database?"
>

My first thought was not to use the database directly, but only for generating
radius files configurations. But I need to allow only 1 connection per
client so I must use "Simultaneous-Use". I read that reading it from db is
the best way, so that is why I want db.



>
> > Accounting I'm going to do with linelog and afterwards put into the database.
>
>   The server already supports writing and reading "detail" files into the
> DB.  It doesn't support reading "linelog" entries.
>


> > I need advice from you, more advanced users than me. How to achieve that HA
> > and availability.
>
>   The short solution is to set up two independent servers.  Each reads and
> writes to their own DB.  Then, each replicates accounting traffic to the
> other.  There are examples of this in raddb/sites-available/
>
>   The longer answer is that HA is a complicated configuration.  It's
> really not possible to describe all of the possibilities, problems, and
> solutions in a  short email.  You have to understand all of the pieces, and
> understand the trade-offs each solution has.
>
>   To be honest, for less than 10K users, you just don't need HA.  Run one
> server, and make sure it stays up.
>
>   Alan DeKok.
>
>



I don't have to have full HA. I have a few spread-out PPPoE servers. I want to
be prepared in case something goes wrong with one of the freeradius servers.



-- 
Pozdrawiam
Marcin / nicraM
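
The cron step discussed in this thread (dump the DB to a fallback users file), sketched as an added example that is not from either poster or from the FreeRADIUS project. It assumes rows shaped like the stock "radcheck" table and the one-line "name Attribute op "value"" users-file entry form; all function names are hypothetical. It refuses database values that could break out of their entry, and replaces the file atomically so the server never reads a half-written copy.

```python
import os
import re
import tempfile

# Assumption: rows are (username, attribute, op, value) tuples as stored in
# the stock FreeRADIUS "radcheck" table. SAMPLE_ROWS is constructed data.
SAMPLE_ROWS = [
    ("alice", "Cleartext-Password", ":=", "s3cret"),
    ("alice", "Calling-Station-Id", "==", "00-11-22-33-44-55"),
    ("bob", "Cleartext-Password", ":=", "hunter2"),
]
SAFE_NAME = re.compile(r"[A-Za-z0-9._@-]+")
SAFE_ATTR = re.compile(r"[A-Za-z0-9-]+")
ALLOWED_OPS = {":=", "==", "="}
UNSAFE_VALUE = re.compile(r'["\\%\x00-\x1f\x7f]')  # quote, backslash, %, control


def render_users(rows):
    """Return users-file text; raise ValueError instead of emitting unsafe rows."""
    by_user = {}
    for username, attribute, op, value in rows:
        # A DEFAULT entry applies to every user, so a DB row must never create one.
        if (not SAFE_NAME.fullmatch(username) or username.startswith("DEFAULT")
                or not SAFE_ATTR.fullmatch(attribute)
                or op not in ALLOWED_OPS or UNSAFE_VALUE.search(value)):
            raise ValueError(f"refusing unsafe row for user {username!r}")
        by_user.setdefault(username, []).append(f'{attribute} {op} "{value}"')
    lines = [f"{user} {', '.join(items)}" for user, items in sorted(by_user.items())]
    return "\n".join(lines) + "\n" if lines else ""


def write_if_changed(path, text):
    """Atomically replace path; return True only when the content changed."""
    try:
        with open(path, encoding="utf-8") as fh:
            if fh.read() == text:
                return False
    except FileNotFoundError:
        pass
    # mkstemp creates the temp file with mode 0600 in the target directory.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

A True return tells the cron wrapper that the file changed and the server needs to re-read it; a ValueError should stop the run and leave the previous file in place.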

