two freeradius servers - question for advice

Marcin marcin at nicram.net
Sun Apr 3 16:56:55 CEST 2016


Hi
So how can I use "Simultaneous-Use := 1" efficiently and without database?


2016-04-01 13:58 GMT+02:00 Marcin <marcin at nicram.net>:

>
>
> 2016-04-01 13:23 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
>
>> On Apr 1, 2016, at 2:59 AM, Marcin <marcin at nicram.net> wrote:
>> > I'm going to start two freeradius servers to authenticate PPPoE users, both
>> > independent of the other. First as primary and second as secondary. I'm
>> > going to start PostgreSQL server also, but in case of unavailability of sql
>> > server freeradius server must work properly.
>>
>>   What does that mean?
>>
>>   It's always a red flag for me when people say vague things like "it
>> must work properly".  Computers aren't magic.  They don't know your
>> intention, or your requirements.
>>
>
> Yes I know :)
>
>
>
>>
>> > Both freeradius have to have actual data of already logged users to provide
>> > simultaneous use.
>>
>>   i.e. The databases have to replicate data to each other.  Or, each
>> server has to write to both databases.
>>
>>   Database replication is complex.  You really need to have a good
>> understanding of the systems (and their failure modes) before implementing
>> it.
>>
>
> I don't want to replicate database.
> I want to have as simple configuration as possible, having two independent
> freeradius server with the same data.
>
>
>>
>> > I'm going to check authenticate in db and if it failed get user from files
>> > (created in background).
>>
>>   Hmm... that would work, I guess.. but you'd need a cron job (or
>> something similar) to regularly dump the DB to files.
>>
>
>
> No, I'm going to use cron to generate files for radius from database if
> something was changed in db.
>
>
>>
>>   Though the next question is "If the files are up to date, why use a
>> database?"
>>
>
> My first thought was not to use database directly, but only for generating
> radius files configurations. But I need to allow only 1 connection per
> client so I must use "Simultaneous-Use". I read that reading it from db is
> the best way. So that I want db.
>
>
>
>>
>> > Accounting I'm going to do with linelog and afterwards put in to database.
>>
>>   The server already supports writing and reading "detail" files into the
>> DB.  It doesn't support reading "linelog" entries.
>>
>
>
>> > I need advice from you, more advanced users than me. How to achieve that HA
>> > and availability.
>>
>>   The short solution is to set up two independent servers.  Each reads
>> and writes to their own DB.  Then, each replicates accounting traffic to
>> the other.  There are examples of this in raddb/sites-available/
>>
>>   The longer answer is that HA is a complicated configuration.  It's
>> really not possible to describe all of the possibilities, problems, and
>> solutions in a  short email.  You have to understand all of the pieces, and
>> understand the trade-offs each solution has.
>>
>>   To be honest, for less than 10K users, you just don't need HA.  Run one
>> server, and make sure it stays up.
>>
>>   Alan DeKok.
>>
>>
>
>
>
> I don't have to have Full HA. I've few spread PPPoE servers. I want to
> prepare in case if something went wrong with one of freeradius server.
>
>
>
> --
> Pozdrawiam
> Marcin / nicraM
>



-- 
Pozdrawiam
Marcin / nicraM
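
The two-server layout described in the quoted reply (each server with its own store, accounting replicated to the other), as an added example that is not part of the original thread and is not FreeRADIUS code. It is a toy Python model showing that a Simultaneous-Use limit of 1 holds while replication is current and is bypassed while one server's view is stale; all class and function names are hypothetical.

```python
"""Toy model (hypothetical names, not FreeRADIUS code): two independent servers,
each with its own session store, replicating accounting records to the other."""
from collections import deque

class RadiusNode:
    def __init__(self, name, limit=1):
        self.name = name
        self.limit = limit        # models Simultaneous-Use := 1
        self.sessions = {}        # local store: user -> set of active session ids
        self.peer = None
        self.up = True
        self.outbox = deque()     # accounting records not yet delivered to the peer

    def authorize(self, user):
        """Access-Request: accept only if the LOCAL store is below the limit."""
        return len(self.sessions.get(user, ())) < self.limit

    def _apply(self, kind, user, sid):
        active = self.sessions.setdefault(user, set())
        if kind == "Start":
            active.add(sid)
        else:                     # "Stop"
            active.discard(sid)

    def accounting(self, kind, user, sid):
        """Accounting record from the NAS: store locally, then replicate."""
        self._apply(kind, user, sid)
        self.outbox.append((kind, user, sid))
        self.flush()

    def flush(self):
        """Deliver queued records in order; keep them while the peer is down."""
        while self.outbox and self.peer.up:
            self.peer._apply(*self.outbox.popleft())

def demo():
    a, b = RadiusNode("primary"), RadiusNode("secondary")
    a.peer, b.peer = b, a
    results = []
    a.accounting("Start", "alice", "s1")   # constructed sample session
    results.append(b.authorize("alice"))   # False: b learned of s1 by replication
    a.accounting("Stop", "alice", "s1")
    b.up = False                           # secondary unreachable
    a.accounting("Start", "alice", "s2")   # record stays queued on a
    b.up = True
    results.append(b.authorize("alice"))   # True: b's view is stale, limit not enforced
    a.flush()                              # backlog replayed
    results.append(b.authorize("alice"))   # False: limit enforced again
    return results

if __name__ == "__main__":
    print(demo())
```

The middle result is the trade-off of this design: the session limit is only as accurate as the most recently replicated accounting data on the server that answers the request.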

