Re: (RADIATOR) Database Failover
you can do this on the NAS itself.
Mir Atir
- Original Message -
From:
Brett
Murphy
To: Dirk Laan ; [EMAIL PROTECTED]
Sent: Friday, March 23, 2001 2:23
AM
Subject: Re: (RADIATOR) Database
Failover
I have the same issue, and I am going to implement a MySQL
server that has high availability.ie, dual processor, redundant power
supply etc.What I really would like is a sample config on how to get
radiator to just "auth everyone" on database fail, at least the customers
wont notice then.At 09:14 AM 3/22/2001 +0100, Dirk
Laan wrote:Hello,How do I build a failover for our
database ?We're using MySql.For example:The
Radius server is still working but it can't connect to the
database.Any help would be great.I've include
the configRegards,Dirk
LaanForegroundTrace
4LogStdoutLogDir
/var/logLogFile
/var/log/%Y-radius.logDbDir
.Client
x.x.x.x Identifier
Cisco
Secret xxx
DupInterval 0/ClientClient
x.x.x.x Identifier
Ascend
Secret
DupInterval
0/ClientClient
DEFAULT
Secret mysecret
DupInterval
0/ClientClientListSQL
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius/ClientListSQLAddressAllocator
SQL Identifier
RDCAllocator
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
DefaultLeasePeriod
86400
LeaseReclaimInterval
3600
AddressPool
x.x.x.x-1
Range x.x.x.x
x.x.x.x
/AddressPool
AddressPool
x.x.x.x-2
Range x.x.x.x
x.x.x.x
/AddressPool
AddressPool
NULAD-1
Range x.x.x.x
x.x.x.x
/AddressPool
AddressPool
NULAD-2
Range x.x.x.x
x.x.x.x
/AddressPool/AddressAllocatorSessionDatabase
SQL
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
CountQuery
\
select NASIDENTIFIER, NASPort, AcctSessionID from RADONLINE
\
where UserName='%n'/SessionDatabase# configure
AuthBy SQL for authenticationAuthBy
SQL
Identifier
InitialAuth
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
AuthSelect select AUTHTYPE, PASSWORD from RDC where USERNAME =
'%n'
AuthColumnDef 0, Auth-Type,
check
AuthColumnDef 1, User-Password,
check
StripFromReply
Group-ID
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
cisco-avpair="ip:dns-servers=x.x.x.x"/AuthBy#
configure AuthBy SQL for GIDAuthBy
SQL
Identifier
SQL_GetGID
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
AuthSelect select GROUPID, SIMUSE from RDC where USERNAME =
'%n'
AuthColumnDef 0, Group-ID,
reply
AuthColumnDef 1, Simultaneous-Use,
check
NoDefault/AuthBy# configure AuthBy SQL for
Fixed IPAuthBy
SQL
Identifier
Fixed_IP
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
AuthSelect select STATICVST, SIMUSE from RDC where USERNAME =
'%n'
AuthColumnDef 0, Framed-IP-Address,
reply
AuthColumnDef 1, Simultaneous-Use,
check
NoDefault/AuthBy# configure AuthBy
DYNADDRESS for Dynamic IPAuthBy
DYNADDRESS
Identifier Dynamic_IP
Allocator RDCAllocator
PoolHint
%{NAS-IP-Address}-%{Reply:Group-ID}
StripFromReply
Group-ID MapAttribute
yiaddr, Framed-IP-Address/AuthBy# configure
AuthBy SQL for accountingAuthBy
SQL
Identifier
AuthAccounting
DBSource
dbi:mysql:radius
DBUsername
radius
DBAuth
radius
AuthSelect
AccountingTable
ACCOUNTING
AcctColumnDef
USERNAME,User-Name
AcctColumnDef
TIME_STAMP,Timestamp,integer
AcctColumnDef
ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef
ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef
ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef
NASIDENTIFIER,NAS-Identifier
AcctColumnDef
NASIDENTIFIER,NAS-IP-Address
AcctColumnDef
NASPORT,NAS-Port,integer
AcctColumnDef
FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef
DNIS,Called-Station-Id
AcctColumnDef
CLID,Calling-Station-Id/AuthBy# configure
AuthBy GROUP for Static IPAuthBy
GROUP
Identifier
AuthStatic
AuthByPolicy
ContinueWhileAccept
AuthBy Fixed_IP
AddToReply Class = Fixed_IP/AuthBy# configure
AuthBy GROUP for Dynamic IPAuthBy
GROUP
Identifier
AuthDynamic
AuthByPolicy
ContinueWhileAccept
AuthBy
SQL_GetGID
AuthBy Dynamic_IP/AuthBy# configure Handlers
for accountingHandler Request-Type=Accounting-Request,
Class =
Fixed_IP
AuthBy AuthAccounting/HandlerHandler
Request-Type=Accounting-Request
AuthByPolicy
ContinueAlways
AuthBy
AuthAccounting
AuthBy AuthDynamic/Handler# configure Handlers
for
a
Re: (RADIATOR) Database Failover
you can do this on the NAS itself. Mir Atir Right, except you can't do this with the session database, that one has to have high-availability if you need it for sim use checking, etc. Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Database Failover
Hello,
How do I build a failover for our database ?
We're using MySql.
For example:
The Radius server is still working but it can't connect to the database.
Any help would be great.
I've include the config
Regards,
Dirk Laan
Foreground
Trace 4
LogStdout
LogDir /var/log
LogFile /var/log/%Y-radius.log
DbDir .
Client x.x.x.x
Identifier Cisco
Secret xxx
DupInterval 0
/Client
Client x.x.x.x
Identifier Ascend
Secret
DupInterval 0
/Client
Client DEFAULT
Secret mysecret
DupInterval 0
/Client
ClientListSQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
/ClientListSQL
AddressAllocator SQL
Identifier RDCAllocator
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
DefaultLeasePeriod 86400
LeaseReclaimInterval3600
AddressPool x.x.x.x-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool x.x.x.x-2
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-2
Range x.x.x.x x.x.x.x
/AddressPool
/AddressAllocator
SessionDatabase SQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
CountQuery \
select NASIDENTIFIER, NASPort, AcctSessionID from RADONLINE \
where UserName='%n'
/SessionDatabase
# configure AuthBy SQL for authentication
AuthBy SQL
Identifier InitialAuth
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select AUTHTYPE, PASSWORD from RDC where USERNAME = '%n'
AuthColumnDef 0, Auth-Type, check
AuthColumnDef 1, User-Password, check
StripFromReply Group-ID
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, cisco-avpair=
"ip:dns-servers=x.x.x.x"
/AuthBy
# configure AuthBy SQL for GID
AuthBy SQL
Identifier SQL_GetGID
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select GROUPID, SIMUSE from RDC where USERNAME = '%n'
AuthColumnDef 0, Group-ID, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy SQL for Fixed IP
AuthBy SQL
Identifier Fixed_IP
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select STATICVST, SIMUSE from RDC where USERNAME = '%n'
AuthColumnDef 0, Framed-IP-Address, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy DYNADDRESS for Dynamic IP
AuthBy DYNADDRESS
Identifier Dynamic_IP
Allocator RDCAllocator
PoolHint %{NAS-IP-Address}-%{Reply:Group-ID}
StripFromReply Group-ID
MapAttribute yiaddr, Framed-IP-Address
/AuthBy
# configure AuthBy SQL for accounting
AuthBy SQL
Identifier AuthAccounting
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CLID,Calling-Station-Id
/AuthBy
# configure AuthBy GROUP for Static IP
AuthBy GROUP
Identifier AuthStatic
AuthByPolicy ContinueWhileAccept
AuthBy Fixed_IP
AddToReply Class = Fixed_IP
/AuthBy
# configure AuthBy GROUP for Dynamic IP
AuthBy GROUP
Identifier AuthDynamic
AuthByPolicy ContinueWhileAccept
AuthBy SQL_GetGID
AuthBy Dynamic_IP
/AuthBy
# configure Handlers for accounting
Handler Request-Type=Accounting-Request, Class = Fixed_IP
AuthBy AuthAccounting
/Handler
Handler Request-Type=Accounting-Request
Re: (RADIATOR) Database Failover
Hello Dirk - You would specify multiple DBSource, DBUsername and DBAuth lines in the AuthBy SQL clause(s). Have a look at section 6.26 in the Radiator 2.18 reference manual. Keep in mind however that keeping the databases coherent is a whole other problem that is outside the scope of Radiator. In general we recommend using a single high-availability SQL host with hot-swap RAID disks. regards Hugh On Thursday 22 March 2001 19:14, Dirk Laan wrote: Hello, How do I build a failover for our database ? We're using MySql. For example: The Radius server is still working but it can't connect to the database. Any help would be great. I've include the config Regards, Dirk Laan Content-Type: text/plain; charset="us-ascii"; name="config.txt" Content-Transfer-Encoding: 7bit Content-Description: Content-Type: text/x-vcard; charset="us-ascii"; name="d.laan.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Dirk Laan -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Database Failover
I have the same issue, and I am going to implement a MySQL server that has
high availability.
ie, dual processor, redundant power supply etc.
What I really would like is a sample config on how to get radiator to just
"auth everyone" on database fail, at least the customers wont notice then.
At 09:14 AM 3/22/2001 +0100, Dirk Laan wrote:
Hello,
How do I build a failover for our database ?
We're using MySql.
For example:
The Radius server is still working but it can't connect to the database.
Any help would be great.
I've include the config
Regards,
Dirk Laan
Foreground
Trace 4
LogStdout
LogDir /var/log
LogFile /var/log/%Y-radius.log
DbDir .
Client x.x.x.x
Identifier Cisco
Secret xxx
DupInterval 0
/Client
Client x.x.x.x
Identifier Ascend
Secret
DupInterval 0
/Client
Client DEFAULT
Secret mysecret
DupInterval 0
/Client
ClientListSQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
/ClientListSQL
AddressAllocator SQL
Identifier RDCAllocator
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
DefaultLeasePeriod 86400
LeaseReclaimInterval3600
AddressPool x.x.x.x-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool x.x.x.x-2
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-2
Range x.x.x.x x.x.x.x
/AddressPool
/AddressAllocator
SessionDatabase SQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
CountQuery \
select NASIDENTIFIER, NASPort, AcctSessionID from
RADONLINE \
where UserName='%n'
/SessionDatabase
# configure AuthBy SQL for authentication
AuthBy SQL
Identifier InitialAuth
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select AUTHTYPE, PASSWORD from RDC where USERNAME = '%n'
AuthColumnDef 0, Auth-Type, check
AuthColumnDef 1, User-Password, check
StripFromReply Group-ID
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
cisco-avpair=
"ip:dns-servers=x.x.x.x"
/AuthBy
# configure AuthBy SQL for GID
AuthBy SQL
Identifier SQL_GetGID
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select GROUPID, SIMUSE from RDC where USERNAME = '%n'
AuthColumnDef 0, Group-ID, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy SQL for Fixed IP
AuthBy SQL
Identifier Fixed_IP
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select STATICVST, SIMUSE from RDC where USERNAME = '%n'
AuthColumnDef 0, Framed-IP-Address, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy DYNADDRESS for Dynamic IP
AuthBy DYNADDRESS
Identifier Dynamic_IP
Allocator RDCAllocator
PoolHint %{NAS-IP-Address}-%{Reply:Group-ID}
StripFromReply Group-ID
MapAttribute yiaddr, Framed-IP-Address
/AuthBy
# configure AuthBy SQL for accounting
AuthBy SQL
Identifier AuthAccounting
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CLID,Calling-Station-Id
/AuthBy
# configure AuthBy GROUP for Static IP
AuthBy GROUP
Identifier AuthStatic
AuthByPolicy ContinueWhileAccept
AuthBy Fixed_IP
AddToReply
IMPORTANT - Re: (RADIATOR) Database Failover
Hello Brett, Hello Everyone -
My advice is to do the following:
1. Configure your NAS(s) to point at one or the other of two load balancing
Radiator proxies outside your firewall. These can be very modest machines
just running Radiator and tcpwrapper or similar for security.
2. Configure the load balancing proxies to point to two or more Radiator
processing hosts inside the firewall. Use the AuthBy LOADBALANCE clause and
add caching and local file accounting on fail (available in Radiator 2.18).
This will allow your customers (who have dialed up within the caching window)
to authenticate, and you will have a flat file accounting record that you can
subsequently process to add the details to the customer records.
3. Build and configure two or more Radiator processing hosts inside your
firewall. Configure these hosts to run against your SQL host.
4. Build a *very* solid database host with multiprocessor and hot-swap RAID
disk array.
This is not the only solution of course, but at least this one is relatively
easy, simple and inexpensive.
regards
Hugh
On Friday 23 March 2001 10:23, Brett Murphy wrote:
I have the same issue, and I am going to implement a MySQL server that has
high availability.
ie, dual processor, redundant power supply etc.
What I really would like is a sample config on how to get radiator to just
"auth everyone" on database fail, at least the customers wont notice then.
At 09:14 AM 3/22/2001 +0100, Dirk Laan wrote:
Hello,
How do I build a failover for our database ?
We're using MySql.
For example:
The Radius server is still working but it can't connect to the database.
Any help would be great.
I've include the config
Regards,
Dirk Laan
Foreground
Trace 4
LogStdout
LogDir /var/log
LogFile /var/log/%Y-radius.log
DbDir .
Client x.x.x.x
Identifier Cisco
Secret xxx
DupInterval 0
/Client
Client x.x.x.x
Identifier Ascend
Secret
DupInterval 0
/Client
Client DEFAULT
Secret mysecret
DupInterval 0
/Client
ClientListSQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
/ClientListSQL
AddressAllocator SQL
Identifier RDCAllocator
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
DefaultLeasePeriod 86400
LeaseReclaimInterval3600
AddressPool x.x.x.x-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool x.x.x.x-2
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-1
Range x.x.x.x x.x.x.x
/AddressPool
AddressPool NULAD-2
Range x.x.x.x x.x.x.x
/AddressPool
/AddressAllocator
SessionDatabase SQL
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
CountQuery \
select NASIDENTIFIER, NASPort, AcctSessionID from
RADONLINE \
where UserName='%n'
/SessionDatabase
# configure AuthBy SQL for authentication
AuthBy SQL
Identifier InitialAuth
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select AUTHTYPE, PASSWORD from RDC where USERNAME =
'%n'
AuthColumnDef 0, Auth-Type, check
AuthColumnDef 1, User-Password, check
StripFromReply Group-ID
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
cisco-avpair=
"ip:dns-servers=x.x.x.x"
/AuthBy
# configure AuthBy SQL for GID
AuthBy SQL
Identifier SQL_GetGID
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select GROUPID, SIMUSE from RDC where USERNAME = '%n'
AuthColumnDef 0, Group-ID, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy SQL for Fixed IP
AuthBy SQL
Identifier Fixed_IP
DBSourcedbi:mysql:radius
DBUsername radius
DBAuth radius
AuthSelect select STATICVST, SIMUSE from RDC where USERNAME =
'%n'
AuthColumnDef 0, Framed-IP-Address, reply
AuthColumnDef 1, Simultaneous-Use, check
NoDefault
/AuthBy
# configure AuthBy DYNADDRESS for Dynamic IP
AuthBy DYNADDRESS
Identifier Dynamic_IP
Allocator RDCAllocator
PoolHint %{NAS-IP-Address}-%{Reply:Group-ID}
StripFromReply Group-ID
MapAttribute yiaddr, Framed-IP-Address
/AuthBy
# configure AuthBy SQL for
