freeradius failover-through proxy or other way?

2011-03-16 Thread Martin Lambev
I'm really a beginner in the freeradius realm, and sorry in advance if the 
question is immature...


After reading all of the freeradius wiki, it is still not clear to me whether it is 
possible to do failover through a proxy, and how to organize the things 
that I want to accomplish. Explanation follows:


Now I have the following setup: node 1 - NAS (pptp, openvpn) - server 2 
(freeradius + mysql as backend).
I read in the documentation about 2 or 3 mysql db and how to do fail-over, 
load-balancing and redundancy, but if I do it like that, when the freeradius 
server fails, the whole setup is down.


I want to add another node as second NAS so the things will become like 
this:



node 1 - NAS (pptp, openvpn) - server 2 AAA (freeradius+mysql)
node 3 - NAS (  l2tp) -^

I want to have redundancy in case server 2 AAA (freeradius + mysql as 
backend) fails, with a second server 4 AAA taking over with exactly the same 
setup (freeradius + mysql backend). Should I use a freeradius proxy on 
every node??? Another solution? So things need to become like this:


node 1 - NAS (+freeradius proxy?)--|  Internet  |---server 2 master (freeradius+mysql, location ex.US )
node 3 - NAS (+freeradius proxy?)--|  Internet  |---server 4 slave (freeradius+mysql, location ex.EU )


I want the mysql db to be updated (to have a mirror copy) on both 
servers 2 and 4 in real time. The purpose of this setup is redundancy: if 
one of the AAA servers is down, the other one takes over without impact 
on nodes 1 and 3 (temporary user disconnect is acceptable).


Or maybe there is another way to do so?

Any advice is welcome: corrections, hints, anything that can help 
me see better :)


Best Regards,

Martin






-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius failover-through proxy or other way?

2011-03-16 Thread Alan DeKok
Martin Lambev wrote:
> After reading all of the freeradius wiki, it is still not clear to me whether it is
> possible to do failover through a proxy, and how to organize the things
> that I want to accomplish. Explanation follows:

  See raddb/proxy.conf.

> Now I have the following setup: node 1 - NAS (pptp, openvpn) - server 2
> (freeradius + mysql as backend).
> I read in the documentation about 2 or 3 mysql db and how to do fail-over,
> load-balancing and redundancy, but if I do it like that, when the freeradius
> server fails, the whole setup is down.

  Exactly.

> I want to add another node as second NAS so the things will become like
> this:
>
> node 1 - NAS (pptp, openvpn) - server 2 AAA (freeradius+mysql)
> node 3 - NAS (  l2tp) -^
>
> I want to have redundancy in case server 2 AAA (freeradius + mysql as
> backend) fails, with a second server 4 AAA taking over with exactly the same
> setup (freeradius + mysql backend). Should I use a freeradius proxy on
> every node??? Another solution? So things need to become like this:

  The NASes should do fail-over by listing a primary & secondary RADIUS
server.

> node 1 - NAS (+freeradius proxy?)--|  Internet  |---server 2 master (freeradius+mysql, location ex.US )
> node 3 - NAS (+freeradius proxy?)--|  Internet  |---server 4 slave (freeradius+mysql, location ex.EU )
>
> I want the mysql db to be updated (to have a mirror copy) on both
> servers 2 and 4 in real time. The purpose of this setup is redundancy: if
> one of the AAA servers is down, the other one takes over without impact
> on nodes 1 and 3 (temporary user disconnect is acceptable).

  See raddb/sites-enabled/copy-acct-to-home-server

> Or maybe there is another way to do so?

  There are lots of ways to do it.

  Alan DeKok.
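
A fail-over pool of the kind the pointer to raddb/proxy.conf leads to, as an added example that is not part of the original thread or of FreeRADIUS's shipped configuration. FreeRADIUS 2.x syntax is assumed; the addresses, the names (aaa_primary, aaa_secondary, aaa_failover, aaa) and the secrets are placeholders.

```conf
# raddb/proxy.conf on a FreeRADIUS instance acting as proxy (2.x syntax).
# Constructed values: RFC 5737 documentation addresses, placeholder secrets.

home_server aaa_primary {
    type = auth
    ipaddr = 192.0.2.10               # "server 2" in the thread (assumed address)
    port = 1812
    secret = REPLACE_WITH_LONG_RANDOM_SECRET_A

    response_window = 20              # seconds to wait before a request counts as unanswered
    zombie_period = 40                # seconds of silence before the server is marked dead

    # Probe a dead server with Status-Server packets instead of real user
    # requests. The home server must have Status-Server enabled.
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3          # consecutive replies needed to mark it alive again
}

home_server aaa_secondary {
    type = auth
    ipaddr = 198.51.100.10            # "server 4" in the thread (assumed address)
    port = 1812
    secret = REPLACE_WITH_LONG_RANDOM_SECRET_B   # one secret per home server

    response_window = 20
    zombie_period = 40
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
}

# fail-over: servers are tried in the order listed; the second one is
# used only while the first is marked dead.
home_server_pool aaa_failover {
    type = fail-over
    home_server = aaa_primary
    home_server = aaa_secondary
}

# Requests reach this pool when they match the realm, or when the
# authorize section sets:  update control { Proxy-To-Realm := "aaa" }
realm aaa {
    auth_pool = aaa_failover
    nostrip                           # forward User-Name unchanged
}
```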


Re: freeradius failover-through proxy or other way?

2011-03-16 Thread Martin Lambev
On 03/16/2011 07:00 PM, freeradius-users-requ...@lists.freeradius.org 
wrote:

Message: 1
Date: Wed, 16 Mar 2011 11:39:54 +0100
From: Alan DeKok <al...@deployingradius.com>
Subject: Re: SQL Counter Escape String !
To: su...@clydontech.com, FreeRadius users mailing list
    <freeradius-users@lists.freeradius.org>
Message-ID: <4d80937a.5010...@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1

Suman Dash wrote:
> Hi Alan,
>
> Did you manage to look into the issue?

   No.

> or maybe any hints on how to use DATETIME in Expiration instead of String?

   Honestly, in 2.1.10, you can just write SELECT statements directly in
unlang.

    update reply {
        Session-Timeout := "%{sql: SELECT ...}"
    }

   Couple that with a few other things, and you should be able to replace
the sqlcounter module entirely.

   i.e. I don't use that module, and I know little or nothing about it.
I have little time to do anything with it.

   Alan DeKok.


--

Message: 2
Date: Wed, 16 Mar 2011 16:13:49 +0530
From: Suman Dash <su...@clydontech.com>
Subject: Re: SQL Counter Escape String !
To: FreeRadius users mailing list
    <freeradius-users@lists.freeradius.org>
Message-ID: <4d809465.2050...@clydontech.com>
Content-Type: text/plain; charset=iso-8859-1; Format=flowed

Much thanks Alan,

That was some really good advice on how to make the thing work.

So now I have to write an unlang statement in preprocess so that it
directly gives the Session-Timeout. Please correct me if I am wrong.

Thanks Again

--

Message: 3
Date: Wed, 16 Mar 2011 11:50:00 +0100
From: Alan DeKok <al...@deployingradius.com>
Subject: Re: freeradius failover-through proxy or other way?
To: FreeRadius users mailing list
    <freeradius-users@lists.freeradius.org>
Message-ID: <4d8095d8.2080...@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1

Martin Lambev wrote:
> After reading all of the freeradius wiki, it is still not clear to me whether it is
> possible to do failover through a proxy, and how to organize the things
> that I want to accomplish. Explanation follows:

   See raddb/proxy.conf.

> Now I have the following setup: node 1 - NAS (pptp, openvpn) - server 2
> (freeradius + mysql as backend).
> I read in the documentation about 2 or 3 mysql db and how to do fail-over,
> load-balancing and redundancy, but if I do it like that, when the freeradius
> server fails, the whole setup is down.

   Exactly.

> I want to add another node as second NAS so the things will become like
> this:
>
> node 1 - NAS (pptp, openvpn) - server 2 AAA (freeradius+mysql)
> node 3 - NAS (  l2tp) -^
>
> I want to have redundancy in case server 2 AAA (freeradius + mysql as
> backend) fails, with a second server 4 AAA taking over with exactly the same
> setup (freeradius + mysql backend). Should I use a freeradius proxy on
> every node??? Another solution? So things need to become like this:

   The NASes should do fail-over by listing a primary & secondary RADIUS
server.

> node 1 - NAS (+freeradius proxy?)--|  Internet  |---server 2 master (freeradius+mysql, location ex.US )
> node 3 - NAS (+freeradius proxy?)--|  Internet  |---server 4 slave (freeradius+mysql