Opinion about idea

Alan Buxey alan.buxey at gmail.com
Sat Apr 6 11:35:19 CEST 2019


Yes

Various ways of doing this. You could have one master FR server with many
many SQL configs
(And many DBs)

Or one FR server with many tables in one big DB

Or one FR proxying to many backend FR servers


Where that one FR server could be one load balanced cluster really

Cost it out, work out DB requirements (reads can be fast with few updates
happening). This is the sort of thing where is the DB that will make our
break the solution (Personally I'd be looking at AWS with RDS etc)

One of those above solutions scales horizontally to silly levels (with very
very little OS/DB management overhead) It's all about what your finances
can cover

alan

On Fri, 5 Apr 2019, 22:42 Rafael Labiak Olivastro, <rolivastro at hotmail.com>
wrote:

>
> Good afternoon to all,
>
>
>
> Currently I have almost 1000 clients (enterprises) using your own MySQL
> database and FreeRadius instance, working very Well. (each one with their
> own Linux server)
>
> Recently, some of them ask me to host the database and FreeRadius, to
> avoid infra-sctructure problems.
>
>
>
> Is it possible to run just one FreeRadius Server, where it will be
> multiple MySQL databases, and “tell” to FreeRadius authenticate according
> client IP ?
>
>
>
> Example:
>
>
>
> Client Enterprise 1 -> NAS IP 200.200.200.200 --> Then the FreeRadius will
> use MySQL database “client1”
>
> Client Enterprise 2 -> NAS IP 100.100.100.100 --> Then the FreeRadius will
> use MySQL database “client2”
>
> Client Enterprise 3 -> NAS IP 222.222.222.222 --> Then the FreeRadius will
> use MySQL database “client3”
>
>
>
> In this way, every enterprise could have their own usernames, where the
> username “joao” from client1 is diferent than “joao” from client2.
>
> I research a little about virtual servers and sql instances, but I don´t
> know if this is the correct way.
>
>
>
> What do you guys think about it ?
>
>
>
> We are talking about 1000 enterprises and almost 1.000.000 usernames.
>
>
>
> Rafael Labiak Olivastro
>
> http://www.vigo.com.br
>
>
>
>
>
> Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para
> Windows 10
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+rolivastro=
> hotmail.com at lists.freeradius.org> em nome de Alan DeKok <
> aland at deployingradius.com>
> Enviado: Friday, April 5, 2019 12:10:28 PM
> Para: FreeRadius users mailing list
> Assunto: Re: Help with external authentication using PHP
>
> On Apr 5, 2019, at 12:03 PM, Ekene Ezeasor <ezeasorekene at gmail.com> wrote:
> > Changing the passwords to clear-text is not an option ofcourse and we do
> > Wi-Fi. Assuming we want to start using the SQL authorization with sha512
> > (with hash). How do I implement the SQL query to check for sha512
> password
> > using the correct hash?
>
>   Are you using TTLS with inner PAP?  If not, then what you want is
> impossible.
>
>   If blowfish doesn't work, then changing to SHA512 hashed passwords won't
> help.
>
>   Understanding the problem helps here.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C6e61990faf4e425fb0ae08d6b9e14738%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636900774536523880&sdata=77U%2FMr80B1EYVpHJgEcv9r3c4WdyjQxaINrZVp6hew8%3D&reserved=0
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list