One solution I have implemented, which may or may not be the best way to go about this, is:
 
Create a small Perl or C script to make any necessary changes to the user files, etc.
At the end of this script, put the sighup command to restart radius and commit changes.
Set this script to suid root, but don't allow write permissions to this file.
So now you have a working file to do what you need it to whenever you call it.
 
-- Then --
 
Create a user called something like radsighup.
Then add an exec-program in the user file like this.
 
radsighup
        Exec-Program = "path/to/your/script"

Then if you need to make changes or whatever, just use the client program to send the radsighup user name in an auth request to the remote radius servers.
 
----
Jeff Jarchow
QCI Internet
http://www.qcinet.net/
 
 
----- Original Message -----
Sent: Wednesday, January 15, 2003 11:07 AM
Subject: RE: Restarting radiusd remotly

Um, wouldn't a cron job on each box that checks fairly often (every minute or two) for a modified users file (or raddb directory) and HUPs radiusd if the check returns true do the job?  That way a file sync would trigger the HUP on all boxes more or less at the same time.
 
However, in the past here we've used a partially staggered sync/HUP.  This prevented a catastrophic AAA failure in the case where a single corrupt or empty users file got copied out to the primary RADIUS box(es).  Having one RADIUS server sync-up lag behind by 60 minutes gives you an hour of "mostly up" while you correct the corruption problem.

--
______________________________________________________
Mike Ockenga, CCNP             [EMAIL PROTECTED]
Network Engineer II               Voice: 952/230-4673
Onvoy Inc.
300 North Highway 169           Minneapolis, MN 55441
_____________________________________________________
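
The cron-driven check described in the message above, written out as an added example (not code from any poster in this thread). It HUPs radiusd only when the users file has changed, refuses an empty file, and can hold one server back by a set number of minutes. The paths, the state file and the LAG_MIN setting are assumptions.

```shell
#!/bin/sh
# Added example: cron-driven "HUP on change" check for radiusd.
# All paths and the LAG_MIN knob are assumptions; adjust per site.
USERS_FILE="${USERS_FILE:-/usr/local/etc/raddb/users}"
STATE_FILE="${STATE_FILE:-/var/db/radiusd-users.cksum}"
PID_FILE="${PID_FILE:-/var/run/radiusd.pid}"
LAG_MIN="${LAG_MIN:-0}"   # e.g. 60 on the one server that should lag behind

# Checksum and size of the file content (cksum is POSIX).
file_sum() { cksum < "$1"; }

# Print one decision: reject | unchanged | waiting | reload
check_users() {
    users=$1; state=$2; lag=$3
    # A missing or empty users file must never reach the running daemon.
    if [ ! -s "$users" ]; then echo reject; return 0; fi
    new=$(file_sum "$users")
    old=$(cat "$state" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then echo unchanged; return 0; fi
    # Staggered server: act only once the file is older than LAG_MIN minutes.
    # (-mmin is supported by FreeBSD and GNU find, but is not POSIX.)
    if [ "$lag" -gt 0 ] && [ -z "$(find "$users" -mmin +"$lag")" ]; then
        echo waiting; return 0
    fi
    echo reload
}

main() {
    case $(check_users "$USERS_FILE" "$STATE_FILE" "$LAG_MIN") in
        reload)
            # Record the new checksum only after the HUP was delivered.
            kill -HUP "$(cat "$PID_FILE")" && file_sum "$USERS_FILE" > "$STATE_FILE"
            ;;
        reject)
            logger -p auth.err "radiusd users file missing or empty, HUP skipped"
            return 1
            ;;
    esac
}

# Run from cron as: check-radius-users.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Because the checksum is stored only after a successful HUP, a rejected or still-waiting file is re-evaluated on the next cron run.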

-----Original Message-----
From: Dickon Newman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Restarting radiusd remotly

Again, I've tried to search the archives without much luck.
 
I have multiple radius boxes (FreeBSD), and currently use rsync to update the users file (and others).  However, I need to restart radiusd to notice the changes in the files.  I can make a script that sends a kill -9 locally, but what about remotely?  Root cannot ssh, and normal users cannot send a kill -9 to a root process?
 
Has anyone else had this problem?
 
I understand that proxying may be a better approach, however, I have to work within certain constraints :-/
 
Dickon...
 
