mysql replication vs. radrelay

2006-04-06 Thread Olaf Schäfer
hello,

I have a redundant radius server setup with two radius servers. On each
of the servers freeradius 1.1.1 and mysql is running. If the primary
server goes down the AC falls back to the secondary server. To keep the
databases (except the radacct table) synchronised I use MySQL
replication. But I'm not sure which is the best way to replicate the
accounting information: using radrelay or mysql-replication, too?

Besides the man page for radrelay says "The  functions  of  radrelay
have been added to radiusd". I couldn't find any documentation about
this feature. Any hints? 

regards,
olaf

-- 
Olaf Schäfer <[EMAIL PROTECTED]>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: mysql replication vs. radrelay

2006-04-06 Thread Guy Fraser
On Thu, 2006-06-04 at 23:01 +0200, Olaf Schäfer wrote:
> hello,
> 
> I have a redundant radius server setup with two radius servers. On each
> of the servers freeradius 1.1.1 and mysql is running. If the primary
> server goes down the AC falls back to the secondary server. To keep the
> databases (except the radacct table) synchronised I use MySQL
> replication. But I'm not sure which is the best way to replicate the
> accounting information: using radrelay or mysql-replication, too?
> 
> Besides the man page for radrelay says "The  functions  of  radrelay
> have been added to radiusd". I couldn't find any documentation about
> this feature. Any hints? 
> 
> regards,
> olaf
There are many schools of thought on that.

Some prefer SQL replication, others suggest it is better to build it
into the management system. If you have lots of people managing
the accounts, you may need a different method than someone
with only a few people maintaining accounts, since table locking
and connection load balancing could become an issue. In some cases 
batch processing is acceptable, in other cases it can be detrimental.

Can you give us an idea, about how many people will be changing 
user info and at what rate you would be expecting additions, 
modifications and removals?

It would be helpful for those of us designing management systems, 
so we can test for possible conflicts and performance issues. I 
am not yet working on the SQL maintenance portion of my project 
but it would be helpful for me to have that information in order 
to do some preliminary planning. Some replication methods scale 
better than others, but have their own drawbacks and difficulties.

PS Have you had a chance to try my PHP radiusd.conf configuration 
parser ?




Re: mysql replication vs. radrelay

2006-04-06 Thread Peter Nixon
On Fri 07 Apr 2006 00:01, Olaf Schäfer wrote:
> hello,
>
> I have a redundant radius server setup with two radius servers. On each
> of the servers freeradius 1.1.1 and mysql is running. If the primary
> server goes down the AC falls back to the secondary server. To keep the
> databases (except the radacct table) synchronised I use MySQL
> replication. But I'm not sure which is the best way to replicate the
> accounting information: using radrelay or mysql-replication, too?

My last experience with MySQL master-master replication and FreeRADIUS was 
that mysql corrupted my radacct table within 24 hours. This was 4-5 years 
ago, however you have to understand the constraints of databases and the fact 
that sql replication is a "hard" problem.

radrelay on the other hand is easy and works perfectly!

> Besides the man page for radrelay says "The  functions  of  radrelay
> have been added to radiusd". I couldn't find any documentation about
> this feature. Any hints?
>
> regards,
> olaf

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: mysql replication vs. radrelay

2006-04-06 Thread Alan DeKok
Olaf Schäfer <[EMAIL PROTECTED]> wrote:
> I have a redundant radius server setup with two radius servers. On each
> of the servers freeradius 1.1.1 and mysql is running. If the primary
> server goes down the AC falls back to the secondary server. To keep the
> databases (except the radacct table) synchronised I use MySQL
> replication. But I'm not sure which is the best way to replicate the
> accounting information: using radrelay or mysql-replication, too?

  I would suggest radrelay.  The reason is that (in DB terms) it uses
a journal of what has to be replicated: RADIUS packets.

> Besides the man page for radrelay says "The  functions  of  radrelay
> have been added to radiusd". I couldn't find any documentation about
> this feature. Any hints? 

  It shouldn't say that in the 1.1.1 release.  radrelay should still
be there.

  Alan DeKok.
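
The journal idea from the reply above, as an added example that is not part of the original thread and is not radrelay's code: accounting records are appended to a detail-style file, and a relay forwards them in order, advancing only past records the other server acknowledged. The `Secondary` class, its keying on session id and status type, and the sample records are assumptions constructed for illustration.

```python
# Added illustration: a simplified model of journal-based accounting relay.
# Not radrelay's code; the Secondary class and its keying are assumptions.

# Constructed sample in the FreeRADIUS "detail" layout: a timestamp line,
# tab-indented "Attribute = value" lines, and a blank line ending each record.
SAMPLE_DETAIL = (
    "Thu Apr  6 23:01:00 2006\n"
    '\tUser-Name = "alice"\n'
    "\tAcct-Status-Type = Start\n"
    '\tAcct-Session-Id = "0001"\n'
    "\n"
    "Thu Apr  6 23:05:10 2006\n"
    '\tUser-Name = "bob"\n'
    "\tAcct-Status-Type = Start\n"
    '\tAcct-Session-Id = "0002"\n'
    "\n"
    "Thu Apr  6 23:40:00 2006\n"
    '\tUser-Name = "alice"\n'
    "\tAcct-Status-Type = Stop\n"
    '\tAcct-Session-Id = "0001"\n'
    "\n"
)


def parse_detail(text):
    """Return the journal as a list of dicts, one per accounting record."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():                 # blank line closes a record
            if current:
                records.append(current)
            current = None
        elif line[0] in " \t":               # indented attribute line
            if current is not None:
                name, _, value = line.strip().partition(" = ")
                current[name] = value.strip('"')
        else:                                # unindented line: timestamp header
            current = {"Timestamp": line.strip()}
    if current:
        records.append(current)
    return records


class Secondary:
    """Stand-in for the second server's accounting store (hypothetical)."""

    def __init__(self):
        self.up = True
        self.rows = {}

    def receive(self, rec):
        if not self.up:
            return False                     # no reply: sender keeps the record
        # Keyed on session and status so a re-sent record overwrites itself.
        self.rows[(rec["Acct-Session-Id"], rec["Acct-Status-Type"])] = rec
        return True


def relay(journal, start, secondary):
    """Send journal[start:] in order; return the first unacknowledged index."""
    pos = start
    while pos < len(journal) and secondary.receive(journal[pos]):
        pos += 1
    return pos


def demo():
    journal = parse_detail(SAMPLE_DETAIL)
    sec = Secondary()
    sec.up = False
    during_outage = relay(journal, 0, sec)            # nothing acknowledged
    sec.up = True
    after_recovery = relay(journal, during_outage, sec)
    relay(journal, 0, sec)                            # full replay, e.g. lost offset
    return during_outage, after_recovery, len(sec.rows)
```

`demo()` shows the relay position staying put during an outage, catching up afterwards, and a full replay leaving the row count unchanged.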


Re: mysql replication vs. radrelay

2006-04-07 Thread Olaf Schäfer
> > Besides the man page for radrelay says "The  functions  of  radrelay
> > have been added to radiusd". I couldn't find any documentation about

>   It shouldn't say that in the 1.1.1 release.  radrelay should still
> be there.

I know it's there and it's working great :) I'm only curious about this
feature.

Olaf

-- 
Olaf Schäfer <[EMAIL PROTECTED]>



Re: mysql replication vs. radrelay

2006-04-07 Thread Olaf Schäfer
On Thursday, 06.04.2006, at 15:48 -0600, Guy Fraser wrote:

> Some prefer SQL replication, others suggest it is better to build it
> into the management system. If you have lots of people managing 
> the accounts, you may need a different method than someone
No, fortunately I don't.

> Can you give us an idea, about how many people will be changing 
> user info and at what rate you would be expecting additions, 
> modifications and removals?

This issue has two parts. The first is to change user info manually.
There won't be more than 3 people.
The second part is automated user info adding & changing for prepaid
users. The idea is that users can send a premium GSM short message, get
their password via SMS and are allowed to use our WLAN hotspots for one
hour.
The rate of manual user-info change won't be very high (<=5 per day). I
expect the higher rate for the automated hotspot system. 

> PS Have you had a chance to try my PHP radiusd.conf configuration 
> parser ?

Not yet! That's what I'm looking for. I've already started to do
something in this direction regarding ip-pools. Where can I find your
parser?

regards,
Olaf

-- 
Olaf Schäfer <[EMAIL PROTECTED]>



Re: mysql replication vs. radrelay

2006-04-07 Thread Olaf Schäfer

> My last experience with MySQL master-master replication and FreeRADIUS was 
> that mysql corrupted my radacct table within 24 hours. This was 4-5 years 
That was exactly my concern.
> 
> radrelay on the other hand is easy and works perfectly!
That's right :) So I think I'm gonna use radrelay.

regards,
Olaf

-- 
Olaf Schäfer <[EMAIL PROTECTED]>



Re: mysql replication vs. radrelay

2006-04-07 Thread Nicolas Baradakis
Olaf Schäfer wrote:

> I'm not sure which is the best way to replicate the accounting
> information: using radrelay or mysql-replication, too?

To replicate accounting records to one (central) database, I'd suggest
using radsqlrelay and the rlm_sql_log module.  I've been using this mechanism
in a production environment for more than a year and never had any problem,
even under heavy load. (unlike radrelay)

In version 1.1.x there are manpages for radsqlrelay and rlm_sql_log.

-- 
Nicolas Baradakis



Re: mysql replication vs. radrelay

2006-04-07 Thread Peter Nixon
>
> Not yet! That's what I'm looking for. I've already started to do
> something in this direction regarding ip-pools. Where can I find your
> parser?

OK. I just committed a new version of sqlippool to the 1.1.x branch. Haven't 
committed any docs yet so you are kind of on your own until we get around to 
writing them. The basic idea is that it works in a similar manner to the 
standard sql module and requires all pool data to be prepopulated by hand (or 
a web interface, etc.). This means that ippools can be added on the fly to sql 
and radius magically finds them for the next request. No config changes or 
HUP required!

Enjoy

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: mysql replication vs. radrelay

2006-04-12 Thread Guy Fraser
On Fri, 2006-07-04 at 10:12 +0200, Olaf Schäfer wrote:

> Not yet! That's what I'm looking for. I've already started to do
> something in this direction regarding ip-pools. Where can I find your
> parser?
> 
> regards,
> Olaf
The quick site I set up hosting the files is at:

http://sphinx.incentre.net/radius.html

Let me know what you think.



Re: mysql replication vs. radrelay

2006-04-20 Thread Olaf Schaefer

> http://sphinx.incentre.net/radius.html

Not bad. I've begun something similar only for IP pools but Peter Nixon
announced an sql_ippool module which also stores the configuration
information in the mysql-DB, so I stopped coding and am waiting for it :)

> 
> Let me know what you think.

It's a good basis to make freeradius fully configurable via dialup
admin. It shouldn't be that difficult to generate config files using the
variables of your parser.

When I have my production system running (migration from MS-IAS to
freeradius) I'm going to make some efforts in this direction.

Olaf



Re: mysql replication vs. radrelay

2006-04-21 Thread Guy Fraser
On Thu, 2006-20-04 at 10:08 +0200, Olaf Schaefer wrote:
> > http://sphinx.incentre.net/radius.html
> 
> Not bad. I've begun something similar only for IP pools but Peter Nixon
> announced an sql_ippool module which also stores the configuration
> information in the mysql-DB, so I stopped coding and am waiting for it :)
> 
> > 
> > Let me know what you think.
> 
> It's a good basis to make freeradius fully configurable via dialup
> admin. It shouldn't be that difficult to generate config files using the
> variables of your parser.
> 
> When I have my production system running (migration from MS-IAS to
> freeradius) I'm going to make some efforts in this direction.
> 
> Olaf

I have given up on dialup-admin for now. It seemed broken when 
I tested the version that comes with 1.1.1, and there are parts 
that need too much work for what I want. I also don't like the
php3 extensions since it is in php4 and have been unable to 
have those and some other changes accepted in CVS. I have not 
fully read the licence dialup-admin uses so I decided to start
from scratch without referencing it at all.

Unfortunately I haven't had any time to continue with this 
project lately, and you are the first one to respond to me about 
it. I have a Cisco NetFlow analyzer and traffic accounting system 
that I need to write as well. I am also considering using C
and the wxWidget cross platform libraries to design a more 
comprehensive Integrated Management System, but I will need 
to learn how to build a GUI app first. So far I have only built
console and web based GUI apps, but PHP and Java may not work
for the end project.

I will need hierarchal administration and access control for 
my implementation. The system will also need the ability to search 
for related accounts and quickly navigate between them, and produce
reports and audit trails. Since I have experience accessing 
PostgreSQL in C and have some libraries I built for our current
system, it may not be overly difficult to build a proper 
cross platform GUI interface. I have Windows, Linux, FreeBSD 
as well as PPC and Intel Macs with OS9 and OS X in our office 
now and have had a similar variety in the past, which is why 
I had been using web based GUI projects in the past, but I 
recently came across a tutorial for wxWidgets.

I got a ton of stuff to do today, see you later.




Re: mysql replication vs. radrelay

2006-04-24 Thread Olaf Schaefer

> I have given up on dialup-admin for now. It seemed broken when 

for now but not forever ;) 

> I tested the version that comes with 1.1.1, and there are parts 
> that need too much work for what I want. I also don't like the
> 
I use version 1.80 from the CVS snapshot. It seems quite stable 

> php3 extensions since it is in php4 and have been unable to 
> 
Yes, the php3 extensions are funny 

> have those and some other changes accepted in CVS. I have not 

What do you mean?^^^

> fully read the licence dialup-admin uses so I decided to start

After you mentioned the licence issue I got curious and searched
dialup-admin. I found:

"This program is free software; you can redistribute it and/or 
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version
2 of the License, or (at your option) any later version."


> from scratch without referencing it at all.

That sounds like much work 

> that I need to write as well. I am also considering using C
> and the wxWidget cross platform libraries to design a more 
> comprehensive Integrated Management System, but I will need 

Ambitious plan :) Do you want to do it all on your own?

> to learn how to build a GUI app first. So far I have only built
> console and web based GUI apps, but PHP and Java may not work
> for the end project.

> 
> I will need hierarchal administration and access control for 
> my implementation. The system will also need the ability to search 
> for related accounts and quickly navigate between them, and produce
> reports and audit trails. Since I have experience accessing 

In my eyes that's all "only" ;) a question of DB-queries. So I don't see
the advantage (for my needs) of programming a new "DB-Interface". Have
you tried "freeside" (http://www.sisd.com/freeside)? I can't tell you
much about it; I only had a glance at it. AFAIK it offers for instance
automated invoices.

CU
Olaf


-- 
Olaf Schaefer <[EMAIL PROTECTED]>



Re: mysql replication vs. radrelay

2006-04-27 Thread Guy Fraser
On Tue, 2006-25-04 at 07:19 +0200, Olaf Schaefer wrote:
> > I have given up on dialup-admin for now. It seemed broken when 
> 
> for now but not forever ;) 
Who knows.;-)

> 
> > I tested the version that comes with 1.1.1, and there are parts 
> > that need too much work for what I want. I also don't like the
> > 
> I use version 1.80 from the CVS snapshot. It seems quite stable 
> 
1.8 ?

> > php3 extensions since it is in php4 and have been unable to 
> > 
> Yes, the php3 extensions are funny 
> 
> > have those and some other changes accepted in CVS. I have not 
> 
> What do you mean?^^^
A fair while ago I spent a considerable amount of time making 
patches to allow dialup_admin to work with PostgreSQL and 
NetSNMP. I also made some other enhancements which are noted in 
a file in the documentation directory. The last batch of patches 
I submitted were not accepted, and after a while I gave up on
it to work on other more urgent projects.

> 
> > fully read the licence dialup-admin uses so I decided to start
> 
> After you mentioned the licence issue I got curious and searched
> dialup-admin. I found:
> 
> "This program is free software; you can redistribute it and/or 
> modify it under the terms of the GNU General Public License
> as published by the Free Software Foundation; either version
> 2 of the License, or (at your option) any later version."
> 
That's right. I would have to study the GPL and FSF licences,
to understand the implications.

> 
> > from scratch without referencing it at all.
> 
> That sounds like much work 
It's like eating an Elephant. Start off with small bites, and 
just keep on munching, until eventually you're done.

> 
> > that I need to write as well. I am also considering using C
> > and the wxWidget cross platform libraries to design a more 
> > comprehensive Integrated Management System, but I will need 
> 
> Ambitious plan :) Do you want to do it all on your own?
I am still mulling it over.

> 
> > to learn how to build a GUI app first. So far I have only built
> > console and web based GUI apps, but PHP and Java may not work
> > for the end project.
> 
> > 
> > I will need hierarchal administration and access control for 
> > my implementation. The system will also need the ability to search 
> > for related accounts and quickly navigate between them, and produce
> > reports and audit trails. Since I have experience accessing 
> 
> In my eyes that's all "only" ;) a question of DB-queries. So I don't see
> the advantage (for my needs) of programming a new "DB-Interface". Have
> you tried "freeside" (http://www.sisd.com/freeside)? I can't tell you
> much about it; I only had a glance at it. AFAIK it offers for instance
> automated invoices.
My Boss ruled it out. He doesn't want a bunch of bits and pieces 
that are loosely coupled. Unfortunately, what he wants to use 
is too limited to do what is needed, but is easy to use. The 
things that are almost what we need are usually too difficult 
or the accountants rule them out. There was a lot of "training" 
to get our current system where we wanted it, now there are 
no old dogs that want to learn new tricks.:^(

The only way I will get anything through, is if I can seamlessly 
integrate into what they want, or make something that does 
everything required from a single application, so there are no 
more multiple entries situations that are required to maintain 
accounts.




Re: mysql replication vs. radrelay

2006-04-28 Thread Olaf Schaefer
> 1.8 ?
Freeradius 1.1.1 comes with dialup-admin v1.70.2, the recent CVS
includes v1.80
 
> a file in the documentation directory. The last batch of patches 

Where can I find your patches? Maybe you've done something which could
be useful for me. :)

> That's right. I would have to study the GPL and FSF licences,
> to understand the implications.

Hmmm, isn't freeradius itself released under the same license?

> > That sounds like much work 
> It's like eating an Elephant. Start off with small bites, and 
> just keep on munching, until eventually you're done.

Bon appetit! ;) 

> I am still mulling it over.

I think it has to be clear what the expected usage is. I mean there are
two directions, the first is the (technical) administration of the
radius server concerning tasks like setting up NAS, IP-pools,
configuration in general etc.
The second is the "business"-thing, like adding users, billing &
evaluation of accounting data, colorful statistics :) etc.

I guess Dialup-Admin is somewhere in between. So a real
GUI-configuration tool would be very nice. 

> My Boss ruled it out. He doesn't want a bunch of bits and pieces 
> that are loosely coupled. Unfortunately, what he wants to use 
> is too limited to do what is needed, but is easy to use. 

I know this scenario, too :) 

Have a nice weekend.

After work I'm going to look for some elephants...



Re: mysql replication vs. radrelay

2006-04-28 Thread Guy Fraser
On Fri, 2006-28-04 at 15:37 +0200, Olaf Schaefer wrote:
> > 1.8 ?
> Freeradius 1.1.1 comes with dialup-admin v1.70.2, the recent CVS
> includes v1.80
>  
> > a file in the documentation directory. The last batch of patches 
> 
> Where can I find your patches? Maybe you've done something which could
> be useful for me. :)
Most were incorporated into the CVS head before FreeRadius was
1.0.0. I doubt I have any of the original patch files anymore.

> 
> > That's right. I would have to study the GPL and FSF licences,
> > to understand the implications.
> 
> Hmmm, isn't freeradius itself released under the same license?
> 
Sure, supplying patches that fix bugs or provide improvements does
not concern me, because I know that is allowed. Taking the code 
for dialup_admin breaking it down and turning it into something 
else is quite different. I respect the tremendous amount of work
that went into dialup_admin, and I am sure that many people find 
it meets their needs. Some of the minimum requirements I have to 
meet require significant changes, and rather than struggle to 
get my changes included. I know that I don't like it when people 
use my code without giving me any credit, making it seem easier 
to start from scratch so that I don't appear to be taking credit 
for work that I did not do on my own.

> > > That sounds like much work 
> > It's like eating an Elephant. Start off with small bites, and 
> > just keep on munching, until eventually you're done.
> 
> Bon appetit! ;) 
> 
> > I am still mulling it over.
> 
> I think it has to be clear what the expected usage is. I mean there are
> two directions, the first is the (technical) administration of the
> radius server concerning tasks like setting up NAS, IP-pools,
> configuration in general etc.
> The second is the "business"-thing, like adding users, billing &
> evaluation of accounting data, colorful statistics :) etc.
Absolutely, I think there are basically three types of activity:

1) Configuration - Used very rarely by knowledgeable staff, to 
change operation of the server.

2) Administration - Maintenance of administration, user accounts,
service packages, billing systems and report generators.

3) User - Allows users to maintain parts of their account(s) that
are permitted, and view the reports they are permitted to see.

Some of the tools required to make configuration possible can 
also be used for administration and in some cases the user 
area as well, but using a conditioned read only method. For 
instance it would be easier for administration to be able to 
select dictionary attributes from a list then be able to 
select valid values for that attribute, or have their entries
verified as being valid.

> 
> I guess Dialup-Admin is somewhere in between. So a real
> GUI-configuration tool would be very nice. 
> 
> > My Boss ruled it out. He doesn't want a bunch of bits and pieces 
> > that are loosely coupled. Unfortunately, what he wants to use 
> > is too limited to do what is needed, but is easy to use. 
> 
> I know this scenario, too :) 
> 
> Have a nice weekend.
> 
> After work I'm going to look for some elephants...
> 
I hope you get something to eat first. ;^)

