Re: Proxy Accounting Records only to another MySQL Server
I think I answered my own question. Its all in proxy.conf This looks like exactly what I need to scale out my freeradius servers and leverage my MySQL -> Master-> Master backend. From: eric.hernan...@allegiantair.com To: freeradius-users@lists.freeradius.org Date: 04/28/2010 09:38 AM Subject:Proxy Accounting Records only to another MySQL Server Sent by:freeradius-users-bounces +eric.hernandez=allegiantair@lists.freeradius.org Accounting methods The following accounting logging methods are supported by the server Local 'detail' files Local 'wtmp' and 'utmp' files Proxy to another RADIUS server Replicate to one or more RADIUS servers SQL (Oracle, MySQL, PostgreSQL, Sybase, IODBC, etc) from http://freeradius.org/features.html Hi All, Is it possible to have a freeradius box, that use a local copy of mysql for everything except accounting. The accouting records would be written via a proxy to another MySQL box? If so where do i configure it? Thanks, -Eric- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy Accounting Records only to another MySQL Server
Accounting methods The following accounting logging methods are supported by the server Local 'detail' files Local 'wtmp' and 'utmp' files Proxy to another RADIUS server Replicate to one or more RADIUS servers SQL (Oracle, MySQL, PostgreSQL, Sybase, IODBC, etc) from http://freeradius.org/features.html Hi All, Is it possible to have a freeradius box, that use a local copy of mysql for everything except accounting. The accouting records would be written via a proxy to another MySQL box? If so where do i configure it? Thanks, -Eric- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Remote MySQL backend encryption
I see thats what I thought, I also confirmed its all clear text with tcpdump. If I were to switch my backend to an ldap system would I have encrypted traffic for user authentication with freeradius remote ldap/backend setup? Also is there a nas/radacct table equivalent in the ldap solution or is it strictly for user authentication? Message: 9 Date: Mon, 26 Apr 2010 15:04:17 -0400 From: John Dennis Subject: Re: Remote MySQL backend encryption To: FreeRadius users mailing list Message-ID: <4bd5e3b1.8060...@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed On 04/26/2010 01:57 PM, eric.hernan...@allegiantair.com wrote: > Hi, > > I am trying to figure out if need to encrypt my traffic from a > FreeRadius server to a remote MySQL backend. > > I have the following setup. > > FreeRadius/MySQL (Server1) > > FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL > Master to Master (ssl) Replication > > Now I want to add a third FreeRadius server without a local MySQL Backend. > > So this third server will point to either Server1 or Server2 which runs > MySQL but will these request be sent to the remote MySQL Servers in > clear text? This has nothing to do with how many MySQL servers you've got or how you're doing replication, encryption occurs on a per connection basis (e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never opens an encrypted session with it's server because rlm_sql_mysql does not have an option to set SSL/TLS transport (e.g. does not call mysql_ssl_set()). That probably would be a good feature to add. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Remote MySQL backend encryption
Hi, I am trying to figure out if need to encrypt my traffic from a FreeRadius server to a remote MySQL backend. I have the following setup. FreeRadius/MySQL (Server1) FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL Master to Master (ssl) Replication Now I want to add a third FreeRadius server without a local MySQL Backend. So this third server will point to either Server1 or Server2 which runs MySQL but will these request be sent to the remote MySQL Servers in clear text? -Thanks Eric- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
log_badlogins include SRC IP Address
Hi, I am trying to configure the log_badlogins to include the src IP address of the client host. I am noticing that in the radius.log does not include the src IP. Example. Fri Mar 19 15:11:39 2010 : Auth: Login incorrect: [jack] (from client testswitch port 0) Does anyone know how to change either radius or syslog-ng to include the src ip of the host that is attempting to break in? -Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html