Lemaster, Rob wrote:
> I revewed raddb/sites-available/default and found Post-Proxy "fail";
> Post-Proxy-Type Fail {detail}
> This appears to be to write Accounting logs locally if the remote proxy is
> down.
Yes.
> I'm not clear if this will be enabled if only ONE of the remote proxies are
> down, or if ALL proxies are down. It would go through normal round-robin and
> then only turn on if ALL proxies are down, correct?
No. It is run for a *request*, not for a proxy.
For example, if you have 10,000 home servers, a request will time out
before it can try all of them. It will be then run through the
Post-Proxy-Type Fail section. Because it failed to be proxied.
> I would like to configure a Post-Proxy type action to take if ALL of a
> Realm's remote proxies are down. To be specific, I'd like to configure a
> realm to send access-accepts to all requests for that realm if ALL the remote
> proxies for that realm are unavailable, until they become available again.
> Can this be done here? If so, can you give me a syntax example? I could not
> find that in default, example, or README.
That's something completely different. See proxy.conf:
...
# If a realm exists, but there are no live home servers for
# it, we can fall back to using the "DEFAULT" realm. This is
...
That can work in most situations. However, there's only one DEFAULT
realm, which may be a problem if you have many pools of home servers.
It's probably only about 20 lines of code to add a configurable fallback
for a home_server_pool.
In CVS head, you can proxy to a virtual server. So if you have a
fail-over section, the last one listed could be a virtual server, which
would take care of dealing with the "all home servers are down" problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
