Question on dynamic home_server
Alan DeKok
aland at deployingradius.com
Tue Jun 14 19:48:17 UTC 2022
On Jun 14, 2022, at 12:03 AM, Yushu Shi (yusshi) via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Need some help with using freeradius as a proxy to two radius server pools.
> The requirement is like below:
I agree with Michael here. This is not an appropriate use-case.
> * There are two server pools, identified with host names: primary.radius.myorg.com and secondary.radius.myorg.com.
> * DNS request to the two host names returns the IP addresses of several servers in the pool in a round robin fashion, i.e, “host primary.radius.myorg.com” command returns 3 IP addresses.
> * IP address of each server may get changed. Need to honor DNS TTL timer.
> * All auth requests should be directed to the hosts in the primary pool round robin, and only fail over to the secondary if all hosts behind the primary are unresponsive.
>
> Is there any way to accomplish these requirements without restarting the process? How should I create the home_server pools in proxy.conf to do this?
You can't do this, and you shouldn't do this.
DNS round robin is when you have many clients (e.g. thousands or more), and you want them to spread their connections across many back-end servers. This isn't the case with RADIUS.
With RADIUS, you have one RADIUS server. It knows how to spread it's packets across multiple back-ends.
This requirement won't do what you want, and it won't work with FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list