Hello Brett, Hello Everyone -

My advice is to do the following:

1. Configure your NAS(s) to point at one or the other of two load balancing 
Radiator proxies outside your firewall. These can be very modest machines 
just running Radiator and tcpwrapper or similar for security.

2. Configure the load balancing proxies to point to two or more Radiator 
processing hosts inside the firewall. Use the AuthBy LOADBALANCE clause and 
add caching and local file accounting on fail (available in Radiator 2.18). 
This will allow your customers (who have dialed up within the caching window) 
to authenticate, and you will have a flat file accounting record that you can 
subsequently process to add the details to the customer records.

3. Build and configure two or more Radiator processing hosts inside your 
firewall. Configure these hosts to run against your SQL host.

4. Build a *very* solid database host with multiprocessor and hot-swap RAID 
disk array. 

This is not the only solution of course, but at least this one is relatively 
easy, simple and inexpensive.

regards

Hugh


On Friday 23 March 2001 10:23, Brett Murphy wrote:
> I have the same issue, and I am going to implement a MySQL server that has
> high availability.
> i.e., dual processor, redundant power supply etc.
>
> What I really would like is a sample config on how to get Radiator to just
> "auth everyone" on database fail, at least the customers won't notice then.
>
> At 09:14 AM 3/22/2001 +0100, Dirk Laan wrote:
> >Hello,
> >
> >How do I build a failover for our database?
> >We're using MySQL.
> >
> >For example:
> >The Radius server is still working but it can't connect to the database.
> >
> >Any help would be great.
> >
> >I've included the config
> >
> >Regards,
> >
> >Dirk Laan
> >Foreground
> >Trace   4
> >LogStdout
> >LogDir          /var/log
> >LogFile         /var/log/%Y-radius.log
> >DbDir           .
> >
> ><Client x.x.x.x>
> >         Identifier Cisco
> >         Secret   xxx
> >         DupInterval 0
> ></Client>
> >
> ><Client x.x.x.x>
> >         Identifier Ascend
> >         Secret   xxxx
> >         DupInterval 0
> ></Client>
> >
> ><Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> ></Client>
> >
> ><ClientListSQL>
> >         DBSource        dbi:mysql:radius
> >         DBUsername      radius
> >         DBAuth          radius
> ></ClientListSQL>
> >
> ><AddressAllocator SQL>
> >         Identifier RDCAllocator
> >         DBSource        dbi:mysql:radius
> >         DBUsername      radius
> >         DBAuth          radius
> >
> >         DefaultLeasePeriod      86400
> >         LeaseReclaimInterval    3600
> >
> >                <AddressPool x.x.x.x-1>
> >                        Range x.x.x.x x.x.x.x
> >                </AddressPool>
> >
> >                <AddressPool x.x.x.x-2>
> >                        Range x.x.x.x x.x.x.x
> >                </AddressPool>
> >
> >                <AddressPool NULAD-1>
> >                        Range x.x.x.x x.x.x.x
> >                </AddressPool>
> >
> >                 <AddressPool NULAD-2>
> >                        Range x.x.x.x x.x.x.x
> >                </AddressPool>
> >
> ></AddressAllocator>
> >
> >
> ><SessionDatabase SQL>
> >         DBSource        dbi:mysql:radius
> >         DBUsername      radius
> >         DBAuth          radius
> >
> >         CountQuery \
> >                  select NASIDENTIFIER, NASPort, AcctSessionID from RADONLINE \
> >                  where UserName='%n'
> ></SessionDatabase>
> >
> ># configure AuthBy SQL for authentication
> >
> ><AuthBy SQL>
> >          Identifier InitialAuth
> >
> >
> >          DBSource        dbi:mysql:radius
> >          DBUsername      radius
> >          DBAuth          radius
> >
> >          AuthSelect select AUTHTYPE, PASSWORD from RDC where USERNAME = '%n'
> >
> >          AuthColumnDef 0, Auth-Type, check
> >          AuthColumnDef 1, User-Password, check
> >
> >          StripFromReply Group-ID
> >
> >          AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, cisco-avpair="ip:dns-servers=x.x.x.x"
> ></AuthBy>
> >
> ># configure AuthBy SQL for GID
> >
> ><AuthBy SQL>
> >          Identifier SQL_GetGID
> >
> >          DBSource        dbi:mysql:radius
> >          DBUsername      radius
> >          DBAuth          radius
> >
> >          AuthSelect select GROUPID, SIMUSE from RDC where USERNAME = '%n'
> >
> >          AuthColumnDef 0, Group-ID, reply
> >          AuthColumnDef 1, Simultaneous-Use, check
> >
> >          NoDefault
> ></AuthBy>
> >
> ># configure AuthBy SQL for Fixed IP
> >
> ><AuthBy SQL>
> >          Identifier Fixed_IP
> >
> >          DBSource        dbi:mysql:radius
> >          DBUsername      radius
> >          DBAuth          radius
> >
> >          AuthSelect select STATICVST, SIMUSE from RDC where USERNAME = '%n'
> >
> >          AuthColumnDef 0, Framed-IP-Address, reply
> >          AuthColumnDef 1, Simultaneous-Use, check
> >
> >          NoDefault
> >
> ></AuthBy>
> >
> ># configure AuthBy DYNADDRESS for Dynamic IP
> >
> ><AuthBy DYNADDRESS>
> >         Identifier Dynamic_IP
> >         Allocator RDCAllocator
> >         PoolHint %{NAS-IP-Address}-%{Reply:Group-ID}
> >         StripFromReply Group-ID
> >         MapAttribute yiaddr, Framed-IP-Address
> ></AuthBy>
> >
> ># configure AuthBy SQL for accounting
> >
> ><AuthBy SQL>
> >          Identifier AuthAccounting
> >
> >
> >          DBSource        dbi:mysql:radius
> >          DBUsername      radius
> >          DBAuth          radius
> >
> >          AuthSelect
> >
> >          AccountingTable         ACCOUNTING
> >          AcctColumnDef   USERNAME,User-Name
> >          AcctColumnDef   TIME_STAMP,Timestamp,integer
> >          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
> >          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> >          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> >          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
> >          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> >          AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
> >          AcctColumnDef   NASPORT,NAS-Port,integer
> >          AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> >          AcctColumnDef   DNIS,Called-Station-Id
> >          AcctColumnDef   CLID,Calling-Station-Id
> ></AuthBy>
> >
> ># configure AuthBy GROUP for Static IP
> >
> ><AuthBy GROUP>
> >          Identifier AuthStatic
> >
> >          AuthByPolicy ContinueWhileAccept
> >          AuthBy Fixed_IP
> >          AddToReply Class = Fixed_IP
> ></AuthBy>
> >
> ># configure AuthBy GROUP for Dynamic IP
> >
> ><AuthBy GROUP>
> >          Identifier AuthDynamic
> >
> >          AuthByPolicy ContinueWhileAccept
> >          AuthBy SQL_GetGID
> >          AuthBy Dynamic_IP
> ></AuthBy>
> >
> ># configure Handlers for accounting
> >
> ><Handler Request-Type=Accounting-Request, Class = Fixed_IP>
> >          AuthBy AuthAccounting
> ></Handler>
> >
> ><Handler Request-Type=Accounting-Request>
> >          AuthByPolicy ContinueAlways
> >          AuthBy AuthAccounting
> >          AuthBy AuthDynamic
> ></Handler>
> >
> ># configure Handlers for authentication
> >
> ><Handler>
> >         AuthBy InitialAuth
> >         AuthByPolicy ContinueWhileAccept
> ></Handler>
> >
> >
> ><Handler Client-Identifier = Cisco>
> >          <AuthBy GROUP>
> >                   AuthBy  InitialAuth
> >                   AddToReply cisco-avpair="ip:dns-servers=x.x.x.x"
> >          </AuthBy>
> ></Handler>
> >
> ><Handler Client-Identifier = Ascend>
> >          <AuthBy GROUP>
> >                   AuthBy  InitialAuth
> >                   AddToReply Ascend- ......
> >          </AuthBy>
> ></Handler>
>
> All the best,
> Brett Murphy
> Director, Alphalink (Australia) PTY LTD
> ph: +61 3 9495-9000 fax: +61 3 9486-6822
> email: [EMAIL PROTECTED]
>
> The contents of this message may not be quoted,
> copied, reproduced or published in part or in whole,
> without the written authorization of Brett Murphy,
> Director, Alphalink (Australia) Pty Ltd.
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
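
Step 2 of the reply above leaves a flat-file accounting record to be processed once the database is back. As an added example (not part of the original thread and not Radiator code), this Python script replays such a file into an ACCOUNTING table using column names from the quoted AcctColumnDef lines, rejects incomplete records and can be run twice without duplicating rows. It assumes the file uses the common RADIUS detail layout (a date line, then indented `Attribute = value` lines, with a blank line between records); the SQLite table, its unique key and the sample records are constructed for illustration.

```python
import re
import sqlite3
# (column, RADIUS attribute, is_integer): subset of the quoted AcctColumnDef lines
COLUMNS = [("USERNAME", "User-Name", False), ("TIME_STAMP", "Timestamp", True),
           ("ACCTSTATUSTYPE", "Acct-Status-Type", False),
           ("ACCTSESSIONID", "Acct-Session-Id", False),
           ("ACCTSESSIONTIME", "Acct-Session-Time", True)]
REQUIRED = ("User-Name", "Acct-Status-Type", "Acct-Session-Id")
ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')

# Constructed sample: a Start/Stop pair plus one record with no User-Name.
SAMPLE = """Fri Mar 23 10:23:00 2001
\tUser-Name = "fred"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "00001234"
\tTimestamp = 985342980

Fri Mar 23 10:40:12 2001
\tUser-Name = "fred"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "00001234"
\tAcct-Session-Time = 1032
\tTimestamp = 985344012

Fri Mar 23 10:41:00 2001
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "00009999"
"""

def make_db():
    # Stand-in table; the unique key (an assumption) makes a second replay a no-op.
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"{c} {'INTEGER' if i else 'TEXT'}" for c, _, i in COLUMNS)
    db.execute(f"CREATE TABLE ACCOUNTING ({cols}, UNIQUE (ACCTSESSIONID, ACCTSTATUSTYPE))")
    return db

def replay(text, db):
    """Insert each detail record once; return (rows_inserted, rejected_records)."""
    sql = "INSERT OR IGNORE INTO ACCOUNTING (%s) VALUES (%s)" % (
        ", ".join(c for c, _, _ in COLUMNS), ", ".join("?" * len(COLUMNS)))
    before, rejected = db.total_changes, []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        rec = dict(m.groups() for m in map(ATTR.match, block.splitlines()[1:]) if m)
        try:  # a missing required attribute or a non-numeric integer rejects the record
            db.execute(sql, [(int if i else str)(rec[a]) if a in rec or a in REQUIRED
                             else None for _, a, i in COLUMNS])
        except (KeyError, ValueError):
            rejected.append(rec)
    db.commit()
    return db.total_changes - before, rejected
```

Values are passed as bound parameters, so attribute contents from the file never become part of the SQL text; against MySQL the equivalent of `INSERT OR IGNORE` is `INSERT IGNORE`.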
