Lemaster, Rob wrote: > I revewed raddb/sites-available/default and found Post-Proxy "fail"; > Post-Proxy-Type Fail {detail} > This appears to be to write Accounting logs locally if the remote proxy is > down.
Yes. > I'm not clear if this will be enabled if only ONE of the remote proxies are > down, or if ALL proxies are down. It would go through normal round-robin and > then only turn on if ALL proxies are down, correct? No. It is run for a *request*, not for a proxy. For example, if you have 10,000 home servers, a request will time out before it can try all of them. It will be then run through the Post-Proxy-Type Fail section. Because it failed to be proxied. > I would like to configure a Post-Proxy type action to take if ALL of a > Realm's remote proxies are down. To be specific, I'd like to configure a > realm to send access-accepts to all requests for that realm if ALL the remote > proxies for that realm are unavailable, until they become available again. > Can this be done here? If so, can you give me a syntax example? I could not > find that in default, example, or README. That's something completely different. See proxy.conf: ... # If a realm exists, but there are no live home servers for # it, we can fall back to using the "DEFAULT" realm. This is ... That can work in most situations. However, there's only one DEFAULT realm, which may be a problem if you have many pools of home servers. It's probably only about 20 lines of code to add a configurable fallback for a home_server_pool. In CVS head, you can proxy to a virtual server. So if you have a fail-over section, the last one listed could be a virtual server, which would take care of dealing with the "all home servers are down" problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html