Current setup:
Two FreeBSD machines, each one running Radiator (radius1 and radius2)
Two FreeBSD machines, each one running MySQL for the Radiator database
(mysql1 and mysql2)
Cisco 3640 router (NAS) terminating L2F sessions for each dialup user

The Cisco 3640 is set to try authenticating via RADIUS first on radius1, and
if that times out to authenticate on radius2. Radius1 uses the SQL database
on mysql1 and radius2 uses the SQL database on mysql2. There are some high
availability problems with this setup - if mysql1 goes down, the Cisco won't
know it and will keep querying radius1. The Cisco does support (at the
latest IOS release) rotating between multiple RADIUS servers, but that would
only let half the folks in.

Changes I want to make:
What's the best way to set up high availability so that any host (except the
router) can fail and things will still work? I'm not currently using
maxlogins (or simultaneous-logins or maxsessions or whatever) but do plan to
in the very near future. I see many possibilities - but the first one I'm
thinking of is to set each of the two RADIUS servers to query sql1 and if
that fails query sql2 (this done via specifying multiple SQL servers in the
RADIUS config file). But then the question becomes how to keep the databases
in sync between sql1 and sql2. I could set up some batch process to copy the
databases nightly, but doesn't this get in the way of trying to enforce
multiple logon limits?

On a directly related note - are there any problems with having two copies of
Radiator - one on each machine - working on the same database?

Any hints from those who've done this before? Net result should be two
Radiator machines and two SQL machines and any one can fail.

Thanks in advance!

Jay West
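
The concern in the post about a nightly batch copy and login limits, as an added illustration that is not part of the original message and is not Radiator code: a small Python model in which a RADIUS server checks the session count in the first reachable SQL server. All class and function names, and the user "alice", are constructed for the example.

```python
# Added illustration (hypothetical names); models the setup described in the post.

class SessionDB:
    """One SQL server holding a per-user count of active sessions."""
    def __init__(self, name):
        self.name = name
        self.up = True
        self.sessions = {}


def authorize(user, dbs, max_sessions):
    """Check the limit on the first reachable DB in the configured order,
    then record the new session there."""
    for db in dbs:
        if not db.up:
            continue
        if db.sessions.get(user, 0) >= max_sessions:
            return False              # Access-Reject: limit reached
        db.sessions[user] = db.sessions.get(user, 0) + 1
        return True                   # Access-Accept, session recorded
    return False                      # no database reachable


def copy_sessions(src, dst):
    """Copy session state from one SQL server to the other."""
    dst.sessions = dict(src.sessions)


def run(replicate_each_write, max_sessions=1):
    """Return the accept/reject result of two logins by the same user,
    with sql1 failing between them."""
    sql1, sql2 = SessionDB("sql1"), SessionDB("sql2")
    order = [sql1, sql2]              # query sql1, fall back to sql2
    copy_sessions(sql1, sql2)         # last night's batch copy (no sessions yet)
    first = authorize("alice", order, max_sessions)
    if replicate_each_write:
        copy_sessions(sql1, sql2)     # state reaches sql2 right away
    sql1.up = False                   # sql1 fails before the next batch run
    second = authorize("alice", order, max_sessions)
    return [first, second]


if __name__ == "__main__":
    print("nightly copy only:   ", run(replicate_each_write=False))
    print("copy after each write:", run(replicate_each_write=True))
```

With only the nightly copy, the second login is accepted because sql2 never saw the first session; when each write reaches sql2 before the failure, the limit holds.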


===
Archive at http://www.starport.net/~radiator/