Re: FreeRADIUS 2.0.0-pre2 has been released
Jakob Hirsch wrote:
> Quoting Alan DeKok:
>> Hmm... hadn't thought of doing it that way. It could be possible.
>
> Meaning "try it and get back to list when you have the results"? :)

No, as in it's not currently enabled.

> Allow me to elaborate on that:
>
> a global listen section: ...
> two virtual servers:
>
> server foo {
>     client 10.1.0.1 {
>         secret = secret1

The way it's set up right now, the easiest way to do that is to list the clients globally, not inside of a server.

> So 10.1.0.1 and 10.2.0.1 will both send their requests to the server's
> address 10.0.0.1, and freeradius will determine by itself (with little
> performance penalty) the proper virtual server for the requests?

That can be done with little amounts of work. It's probably a good idea, too. See updates in CVS in a few days. raddb/sites-available/README.

> But what happens with requests that could be processed by more than one
> virtual server? Like, in the example above, if they had both the same
> client definition (same ip-address, same secret). Random, sequentially
> selected (e.g. first match wins), config error, doomsday?

Right now, your configuration won't work. The "listen" section is global, and therefore looks for global clients. The clients are buried inside of a "server" section, so there are *no* known clients.

The solution is to put the clients globally, and add a "server=foo" entry in each of them. That way the "listen" section can find the clients, and the clients point to the virtual server.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
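A check for the layout described in the reply above, as an added example that is not part of the original thread or of FreeRADIUS: it parses a one-item-per-line subset of the config syntax and reports clients that a global "listen" section could not find. The "server = foo" entry is taken from the message; the function names, the sample configs, and the treatment of a client defined twice as an error are assumptions of this example.

```python
# Constructed sample: the layout from the question, clients inside "server"
# sections (the global listen section is left out; the check assumes one).
NESTED = """
server foo {
    client 10.1.0.1 {
        secret = secret1
    }
}
server bar {
    client 10.2.0.1 {
        secret = secret2
    }
}
"""
# Constructed sample: the layout from the reply, global clients with "server = ...".
GLOBAL = """
client 10.1.0.1 {
    secret = secret1
    server = foo
}
client 10.2.0.1 {
    secret = secret2
    server = bar
}
server foo {
}
server bar {
}
"""

def load_sections(text):
    """Parse a one-item-per-line subset of the syntax into a flat section list."""
    stack, sections = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            kind, _, name = line[:-1].strip().partition(" ")
            sec = {"kind": kind, "name": name.strip(), "items": {},
                   "parent": stack[-1] if stack else None}
            sections.append(sec)
            stack.append(sec)
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and stack:
            key, _, value = line.partition("=")
            stack[-1]["items"][key.strip()] = value.strip()
        elif line:
            raise ValueError(f"line {n}: cannot parse {line!r}")
    if stack:
        raise ValueError(f"unclosed section {stack[-1]['kind']!r}")
    return sections

def check_client_bindings(text):
    """Return (routes, problems): client -> virtual server, plus findings."""
    sections = load_sections(text)
    servers = {s["name"] for s in sections if s["kind"] == "server" and not s["parent"]}
    routes, problems = {}, []
    for c in (s for s in sections if s["kind"] == "client"):
        target = c["items"].get("server")
        if c["parent"]:  # buried in a section: a global listen cannot find it
            problems.append(f"{c['name']}: nested in {c['parent']['kind']} "
                            f"{c['parent']['name']}, not a global client")
        elif c["name"] in routes:  # assumption: an ambiguous binding is an error
            problems.append(f"{c['name']}: defined more than once")
        elif target not in servers:
            problems.append(f"{c['name']}: server={target} is not a virtual server")
        else:
            routes[c["name"]] = target
    return routes, problems
```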
Re: FreeRADIUS 2.0.0-pre2 has been released
Quoting Alan DeKok:
>> As I understand the virtual servers, it is possible to have all vservers
>> listen to the same ip/port socket, but have different client
>> configurations. Is that right?
>
> Hmm... hadn't thought of doing it that way. It could be possible.

Meaning "try it and get back to list when you have the results"? :)

>> And would that be a sensible thing to do in a high traffic environment
>> (many million requests per day)? I'd think that every request would have
>> to be processed by all the vserver instances only to decide that the
>> request has to be discarded by most of them.
>
> No. The idea would be to tie a client to a virtual server. Then, all
> requests from that client would be sent to one, and only one virtual server.

That's what I want. Allow me to elaborate on that:

a global listen section:

listen {
    ipaddr = 10.0.0.1
    type = auth
}

two virtual servers:

server foo {
    client 10.1.0.1 {
        secret = secret1
    }
    autz...
    auth...
}

server bar {
    client 10.2.0.1 {
        secret = secret2
    }
    autz...
    auth...
}

So 10.1.0.1 and 10.2.0.1 will both send their requests to the server's address 10.0.0.1, and freeradius will determine by itself (with little performance penalty) the proper virtual server for the requests?

> And no matter what, a request is handled by *one* virtual server. You
> seem to be saying that a request will be handled by many in parallel.
> That will never happen, for the reasons you point out.

Ok, that's what I wanted to read :)

But what happens with requests that could be processed by more than one virtual server? Like, in the example above, if they had both the same client definition (same ip-address, same secret). Random, sequentially selected (e.g. first match wins), config error, doomsday?

(Hm, it's really time to set up a test installation... )
Re: Re : FreeRADIUS 2.0.0-pre2 has been released
Geoffroy Arnoud wrote:
> I have a question on virtual servers: can the same instance of a module
> (rlm_detail for example) be used in 2 different virtual servers?

Yes.

> How are NO_THREAD_SAFE modules managed in this case (rlm_detail for example)?

Just as in 1.x. The virtual servers affect only configuration, nothing else. In vague pseudocode, 1.x did:

    process request (config)

In 2.x, it's:

    process request(config(server))

99% of the code is the same. The modules don't know about virtual servers, and haven't changed. Most of the server core hasn't changed. The only thing that changed was the ability to have multiple configurations, and to choose which one to use dynamically per-request.

Alan DeKok.
Re : FreeRADIUS 2.0.0-pre2 has been released
I have a question on virtual servers: can the same instance of a module (rlm_detail for example) be used in 2 different virtual servers?

How are NO_THREAD_SAFE modules managed in this case (rlm_detail for example)?

Thanks
Geoff.
Re: FreeRADIUS 2.0.0-pre2 has been released
Jakob Hirsch wrote:
> Wow, looks very nice! The unlang will probably allow us to throw
> away some of our own modules.

That's the idea.

> As I understand the virtual servers, it is possible to have all vservers
> listen to the same ip/port socket, but have different client
> configurations. Is that right?

Hmm... hadn't thought of doing it that way. It could be possible.

> And would that be a sensible thing to do in a high traffic environment
> (many million requests per day)? I'd think that every request would have
> to be processed by all the vserver instances only to decide that the
> request has to be discarded by most of them.

No. The idea would be to tie a client to a virtual server. Then, all requests from that client would be sent to one, and only one virtual server.

And no matter what, a request is handled by *one* virtual server. You seem to be saying that a request will be handled by many in parallel. That will never happen, for the reasons you point out.

Alan DeKok.
Re: FreeRADIUS 2.0.0-pre2 has been released
Quoting Alan T DeKok:

Hi,

> After much waiting, 2.0.0-pre2 has been released. It contains MAJOR

Wow, looks very nice! The unlang will probably allow us to throw away some of our own modules.

As I understand the virtual servers, it is possible to have all vservers listen to the same ip/port socket, but have different client configurations. Is that right?

And would that be a sensible thing to do in a high traffic environment (many million requests per day)? I'd think that every request would have to be processed by all the vserver instances only to decide that the request has to be discarded by most of them.

Regards,
Jakob
Re: FreeRADIUS 2.0.0-pre2 has been released
[EMAIL PROTECTED] wrote:
> yep - the server should ship with an 'example' or 'default' entry...but
> if you have copied over old config etc then it wouldn't be there...i'd guess
> a 'no enabled sites, you want me to do something?' error message
> might be more useful

Which it does when I simply comment out the reference to "sites-enabled" in radiusd.conf.

You're doing something else, and catching a corner case in the code where there's no error message... What exactly you're doing is unknown.

Alan DeKok.
Re: FreeRADIUS 2.0.0-pre2 has been released
On Wed 29 Aug 2007, Alan T DeKok wrote:
> After much waiting, 2.0.0-pre2 has been released. It contains MAJOR
> functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be
> used to easily implement most policies. The virtual server support
> makes running complicated configurations much easier than before.
>
> For full details, see:
>
> http://freeradius.org/press/index.html#freeradius-2.0.0-pre2
>
> Please download it and test it. The current pre-release looks to be
> very close to what will become a final 2.0.0.

I have updated the rpms available on the openSUSE mirrors.

Cheers
--
Peter Nixon
http://peternixon.net/
Re: FreeRADIUS 2.0.0-pre2 has been released
Hi,

> ...Because you have to have at least one site in sites-enabled else the
> server has nothing to do...

yep - the server should ship with an 'example' or 'default' entry...but if you have copied over old config etc then it wouldn't be there...i'd guess a 'no enabled sites, you want me to do something?' error message might be more useful

alan
Re: FreeRADIUS 2.0.0-pre2 has been released
Arran Cudbard-Bell wrote:
> Alan T DeKok wrote:
>> Arran Cudbard-Bell wrote:
>>> /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to
>>> link to module 'rlm_exec':
>>> dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9):
>>> Symbol not found: _debug_flag
>>> Referenced from: /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so
>>> Expected in: flat namespace
>>> Errors setting up modules
>>
>> That's not an rlm_exec problem. It's a shared library problem.
>> rlm_exec just happens to be the first one listed...
>>
>> The difficulty is with shared libraries referencing symbols in the
>> main "radiusd" program. It works on most platforms, but some platforms
>> get excited over it, for reasons I've never understood. And it showed
>> up on some platforms in 1.x, too.
>
> Ok. I'll try poking around a bit and see if I can get it to reference properly.
>
> I just ported my CVS config across, and now I get something most unusual
>
> Starting program: /usr/local/freeradius-2.0pre2/sbin/radiusd -X
> Reading symbols for shared libraries ..+.. done
> FreeRADIUS Version 2.0.0-pre2, for host powerpc-apple-darwin8.9.0, built on Aug 29 2007 at 11:30:08
> Copyright (C) 2000-2007 The FreeRADIUS server project.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Re: FreeRADIUS 2.0.0-pre2 has been released
Arran Cudbard-Bell wrote:
> Alan T DeKok wrote:
>> Arran Cudbard-Bell wrote:
>>> /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to
>>> link to module 'rlm_exec':
>>> dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9):
>>> Symbol not found: _debug_flag
>>> Referenced from: /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so
>>> Expected in: flat namespace
>>> Errors setting up modules
>>
>> That's not an rlm_exec problem. It's a shared library problem.
>> rlm_exec just happens to be the first one listed...
>>
>> The difficulty is with shared libraries referencing symbols in the
>> main "radiusd" program. It works on most platforms, but some platforms
>> get excited over it, for reasons I've never understood. And it showed
>> up on some platforms in 1.x, too.

This isn't a general linker issue, CVS build works fine. It's just that symbol... and I remember before I had issues with this, as you say on 1.x platforms.

If you set the --enable-developer flag on configure everything works fine.

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
Re: FreeRADIUS 2.0.0-pre2 has been released
Alan T DeKok wrote:
> Arran Cudbard-Bell wrote:
>> /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to
>> link to module 'rlm_exec':
>> dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9):
>> Symbol not found: _debug_flag
>> Referenced from: /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so
>> Expected in: flat namespace
>> Errors setting up modules
>
> That's not an rlm_exec problem. It's a shared library problem.
> rlm_exec just happens to be the first one listed...
>
> The difficulty is with shared libraries referencing symbols in the
> main "radiusd" program. It works on most platforms, but some platforms
> get excited over it, for reasons I've never understood. And it showed
> up on some platforms in 1.x, too.

Ok. I'll try poking around a bit and see if I can get it to reference properly.

I just ported my CVS config across, and now I get something most unusual

Starting program: /usr/local/freeradius-2.0pre2/sbin/radiusd -X
Reading symbols for shared libraries ..+.. done
FreeRADIUS Version 2.0.0-pre2, for host powerpc-apple-darwin8.9.0, built on Aug 29 2007 at 11:30:08
Copyright (C) 2000-2007 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
Re: FreeRADIUS 2.0.0-pre2 has been released
Arran Cudbard-Bell wrote:
> /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to
> link to module 'rlm_exec':
> dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9):
> Symbol not found: _debug_flag
> Referenced from: /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so
> Expected in: flat namespace
> Errors setting up modules

That's not an rlm_exec problem. It's a shared library problem. rlm_exec just happens to be the first one listed...

The difficulty is with shared libraries referencing symbols in the main "radiusd" program. It works on most platforms, but some platforms get excited over it, for reasons I've never understood. And it showed up on some platforms in 1.x, too.

Alan DeKok.
Re: FreeRADIUS 2.0.0-pre2 has been released
Alan T DeKok wrote:
> ram wrote:
>> is there any distributed model and failover model available.
>> I am looking Central one SERVER and other Servers are distributed model.
>> like client server model
>> any suggestion on same
>
> Read the documentation in 2.0.0-pre2.
>
> Alan DeKok.

/usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to link to module 'rlm_exec': dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9): Symbol not found: _debug_flag
  Referenced from: /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so
  Expected in: flat namespace
Errors setting up modules

# Default config

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
Re: FreeRADIUS 2.0.0-pre2 has been released
ram wrote:
> is there any distributed model and failover model available.
> I am looking Central one SERVER and other Servers are distributed model.
> like client server model
> any suggestion on same

Read the documentation in 2.0.0-pre2.

Alan DeKok.
Re: FreeRADIUS 2.0.0-pre2 has been released
On 8/29/07, Alan T DeKok <[EMAIL PROTECTED]> wrote:
>
> After much waiting, 2.0.0-pre2 has been released. It contains MAJOR
> functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be
> used to easily implement most policies. The virtual server support
> makes running complicated configurations much easier than before.
>
> For full details, see:
>
> http://freeradius.org/press/index.html#freeradius-2.0.0-pre2
>
> Please download it and test it. The current pre-release looks to be
> very close to what will become a final 2.0.0.

Hi
it's good to hear this
is there any distributed model and failover model available.
I am looking Central one SERVER and other Servers are distributed model.
like client server model
any suggestion on same

ram
Re: FreeRADIUS 2.0.0-pre2 has been released
Alan T DeKok wrote:
> After much waiting, 2.0.0-pre2 has been released. It contains MAJOR
> functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be
> used to easily implement most policies. The virtual server support
> makes running complicated configurations much easier than before.
>
> For full details, see:
>
> http://freeradius.org/press/index.html#freeradius-2.0.0-pre2
>
> Please download it and test it. The current pre-release looks to be
> very close to what will become a final 2.0.0.
>
> Alan DeKok.

Yey !

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900