Many thanks for this Olivier, much appreciated
Rgds
A
On 9 Oct 2013, at 11:07, Olivier Beytrison wrote:
> On 09.10.2013 11:25, Olivier Beytrison wrote:
>> On 09.10.2013 10:41, Alex Sharaz wrote:
>>> I was wondering if there's a way off having a bit more granularity in terms
>>> of how the f5 lo
incent=coreye...@lists.freeradius.org]
De la part de Michael Schwartzkopff
Envoyé : mercredi 9 octobre 2013 11:17
À : FreeRadius users mailing list
Objet : Re: load balancing radius with F5 devices
Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz:
> Hi,
>
> Is anyone out there load balancing
On 09.10.2013 11:25, Olivier Beytrison wrote:
> On 09.10.2013 10:41, Alex Sharaz wrote:
>> I was wondering if there's a way off having a bit more granularity in terms
>> of how the f5 load balances incoming RADIUS requests.
Another nice thing to do is to do persistence based on radius AVP
https:
On 9 Oct 2013, at 10:16, Fajar A. Nugraha wrote:
> On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz wrote:
> While we have 900 switches doing mac and 802.1x based auth, we can have 6000+
> users on our wireless network all authenticating to RADIUS via 3 RAS clients.
> Looking at the back end serve
On 09.10.2013 10:41, Alex Sharaz wrote:
> Hi,
>
> Is anyone out there load balancing RADIUS with an F5 load balancer? We're
> doing it here, but I can't help thinking that the actual load balancing
> algorithm need some tweaking.
I have f5 loadbalancers but atm I don't use them for our RADIUS
Am Mittwoch, 9. Oktober 2013, 09:41:19 schrieb Alex Sharaz:
> Hi,
>
> Is anyone out there load balancing RADIUS with an F5 load balancer? We're
> doing it here, but I can't help thinking that the actual load balancing
> algorithm need some tweaking.
>
> As far as I'm aware ( systems section suppo
On Wed, Oct 9, 2013 at 3:41 PM, Alex Sharaz wrote:
> While we have 900 switches doing mac and 802.1x based auth, we can have
> 6000+ users on our wireless network all authenticating to RADIUS via 3 RAS
> clients. Looking at the back end server log files, it does look as if, in
> general, all wir
thanks a lot olivier... This stuff really worked for me.. cheers
On Wed, Feb 13, 2013 at 4:05 PM, Olivier Beytrison wrote:
> On 13.02.2013 11:45, Muhammad Nadeem wrote:
> > ok, I followed your process. i make a file with User-Name and
> > NAS-IP-Address attribute. and issue the following command
On 13.02.2013 11:45, Muhammad Nadeem wrote:
> ok, I followed your process. i make a file with User-Name and
> NAS-IP-Address attribute. and issue the following command
> radclient -c 10 -p 1000 -f radrequest.txt 192.168.0.112 auth testing123
> But i only receive 10 "access-accept" packets. So what
ok, I followed your process. i make a file with User-Name and
NAS-IP-Address attribute. and issue the following command
radclient -c 10 -p 1000 -f radrequest.txt 192.168.0.112 auth testing123
But i only receive 10 "access-accept" packets. So what does it mean?? If
upper command issues 1000 requests
Athanx Fajar
Actually Rad perf is not available on website. And i also used -p with
radclient. But it didnot sent requests in parallel.
On Wed, Feb 13, 2013 at 1:30 PM, Fajar A. Nugraha wrote:
> On Wed, Feb 13, 2013 at 1:42 AM, Muhammad Nadeem
> wrote:
> > Could you
> > please help me out to s
On 13.02.2013 09:38, Muhammad Nadeem wrote:
> I used -c 1, and omit -p,, result was the same . 1 users were
> authenticated in 23 seconds :) . So i think no difference of using -p
> and -c together ?? M I right??
>
Well yeah -p works only with a file (-f)
so, feed your request multip
will it send 1 parallel requests to free radius server
why not simply use -c 1, instead of -p 100 -c 1. What will be the
difference???
Thanks
On Wed, Feb 13, 2013 at 1:16 PM, Olivier Beytrison wrote:
> On 13.02.2013 09:03, Muhammad Nadeem wrote:
> > thanx john:
> > yes i can run
On Wed, Feb 13, 2013 at 1:42 AM, Muhammad Nadeem wrote:
> Could you
> please help me out to send parallel requests to proxy server???
Try radclient (see "-p"): http://linux.die.net/man/1/radclient
Alternatively, try radperf: http://networkradius.com/radperf.html
--
Fajar
-
List info/subscribe/
I used -c 1, and omit -p,, result was the same . 1 users were
authenticated in 23 seconds :) . So i think no difference of using -p and
-c together ?? M I right??
On Wed, Feb 13, 2013 at 1:32 PM, Muhammad Nadeem wrote:
> will it send 1 parallel requests to free radius server
On Wed, Feb 13, 2013 at 4:33 PM, Muhammad Nadeem wrote:
> for load testing. But when i use this with -p (to send requests in
> parallel), it only send one packet. here is the command out put
> [root@billing ~]# echo "User-Name=001AAD3F8165,
> NAS-IP-Address=10.192.100.4"|radclient -p 100 192.168.
On 13.02.2013 09:03, Muhammad Nadeem wrote:
> thanx john:
> yes i can run many instances of radclient. But i want on instance of
> radclient, that can send parallel requests to radius server.
>
simply use
echo "User-Name=001AAD3F8165,
NAS-IP-Address=10.192.100.4"|radclient -p 100 -c 1 192.168
On 2013/02/12 04:45 PM, Alan DeKok wrote:
I tried to use Rad Client to send requests in Parallel, but i wasn't
succeed. Could you please help me out to send parallel requests to proxy
server???
Am I missing something, or can you not simply run more than once instance of
radclient on more t
thanx john:
yes i can run many instances of radclient. But i want on instance of
radclient, that can send parallel requests to radius server.
On Wed, Feb 13, 2013 at 12:56 PM, Johan Meiring
wrote:
> On 2013/02/12 04:45 PM, Alan DeKok wrote:
>
>>
>> I tried to use Rad Client to send requests in
thanx alan..
But i searching around on web i came to know that radclient can also be
used for load testing. But when i use this with -p (to send requests in
parallel), it only send one packet. here is the command out put
[root@billing ~]# echo "User-Name=001AAD3F8165,
NAS-IP-Address=10.192.100.4"|r
> There aren't many good tools available. I did have a tool on the corporate
> web site (radperf), but that's been taken down for various reasons.
> You can always use commercial traffic generators.
We're a Java group and we use Jmeter with a home-written sampler that uses
TinyRadius client
On 02/12/2013 06:12 AM, Muhammad Nadeem wrote:
thanks alan
Actually I am using load balancing for rapid authentication of users.
let suppose i have one prosy server that is proxying incoming requests
to these five servers. Theoratically the speed of authentication should
be fast. But in case of m
Muhammad Nadeem wrote:
> thanx alan,,
> I have configured a proxy server using documentation of 'proxy.conf'.
> which is proxying requests to 2 home_servers. Yes you are right, may b
> the tool which I am using (Radius NT client) sending requests in series.
Then the test doesn't mean anything.
thanx alan,,
I have configured a proxy server using documentation of 'proxy.conf'. which
is proxying requests to 2 home_servers. Yes you are right, may b the tool
which I am using (Radius NT client) sending requests in series. I tried to
use Rad Client to send requests in Parallel, but i wasn't suc
Muhammad Nadeem wrote:
> Hi,
> I am new to freeradius. I wantto implement load balancing on freeradius
> servers (not on backend database).
> I want that if a bulk of requests are received, these requests should be
> distributed evenly among multiple freeradius servers.
> Can any one please tell me
hi,
>I want that if a bulk of requests are received, these requests should be
>distributed evenly among multiple freeradius servers.
in proxy.conf, ensure that you have a suitable load-balance type defined for the
target servers - be aware that some types do not operate with EAP...as the
There are many different things you are talking at the same time.
You want increase the response time of auth. Is your database indexed?
Thanks
On Tuesday, February 12, 2013, Muhammad Nadeem wrote:
> thanks alan
> Actually I am using load balancing for rapid authentication of users. let
> suppos
thanks alan
Actually I am using load balancing for rapid authentication of users. let
suppose i have one prosy server that is proxying incoming requests to these
five servers. Theoratically the speed of authentication should be fast. But
in case of mine it is too slow.
I have changed 'max_requests'
Hi,
>I am using Freeradius 2.2.0 on redhat 5. My goal was to increase the speed
>of user authentication. To achieve this I configured Load Balancing (with
>realms). I have a proxy Freeradius server, that is just proxying requests
>to 2 other freeradius servers.
you only asked this
> Alan DeKok wrote:
> Scott McLane Gardner wrote:
> > So, now I'm confused again. If this doesn¹t load balance, then how should
> > I really be going about this?
>
> It's hard.
Actually, on some further reading, it might not be: the LDAP library/DNS may
take care of this instead of requiring s
On 27/03/12 23:38, Brian De Wolf wrote:
On Mon, 26 Mar 2012 11:46:22 -0700
Scott McLane Gardner wrote:
If I can't use if statements in a load balance block, can anyone
suggest another way to go about accomplishing what I want to do here?
After reading this thread and realizing it affects my
On Mon, 26 Mar 2012 11:46:22 -0700
Scott McLane Gardner wrote:
> If I can't use if statements in a load balance block, can anyone
> suggest another way to go about accomplishing what I want to do here?
After reading this thread and realizing it affects my implementation
(though with mysql), I st
Hi,
> So, is the documentation at
> http://wiki.freeradius.org/Load-balancing#Interaction+with+%22if%22+and+%22
> else%22 incorrect, or is it only correct for the very latest version?
its correct you want to load balance the requests to the LDAP servers, yes?
so whats the load balancing of t
Scott McLane Gardner wrote:
> So, is the documentation at
> http://wiki.freeradius.org/Load-balancing#Interaction+with+%22if%22+and+%22
> else%22 incorrect, or is it only correct for the very latest version?
It's correct. You're missing the point.
That documentation is for calling MODULES.
Hi,
> Does this mean that what I want to do is not possible?
my advice was so you werent doing all that LDAP-Group , NAS-IP-Address
stuff in unlang...
regarding the load-balance, you should be okay just keeping
that bit similar to how you had it ...heck, you might even try
redundant-load-balanc
So, is the documentation at
http://wiki.freeradius.org/Load-balancing#Interaction+with+%22if%22+and+%22
else%22 incorrect, or is it only correct for the very latest version?
-Scott
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scott McLane Gardner wrote:
> So, now I'm confused again. If this doesn¹t load balance, then how should
> I really be going about this?
It's hard.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scott McLane Gardner
> >(A sensible wishlist item might be to have load-balance
> sections in the
> >instantiate section register the same hooks as their
> submodules, then
> >you'd be able to name the load-balance and use
> >-Ldap-Group. But that sounds mildly hairy to
> >implement.)
> >
>
>I cannot answer your question about if statements, but this
>much is clear: the Ldap-Group check attribute will query
>the ldap module that was instantiated last. If you want
>to query a specific module, you have to use -Ldap-Group.
>
>Similarly for ldap xlats, you have to use the module name.
On 27/03/12 15:07, Scott McLane Gardner wrote:
I'd be surprised if using Ldap-Group in the user's file
resulted in load balancing of the group membership
queries to the LDAP servers. Does it?
It does, actually. Or at least it appears to. The first time it used ldap2
and the second time it use
Scott McLane Gardner
> >I'd be surprised if using Ldap-Group in the user's file resulted in
> >load balancing of the group membership queries to the LDAP servers.
> >Does it?
> >
> It does, actually. Or at least it appears to. The first time
> it used ldap2 and the second time it used ldap1.
>
>Brian Julin wrote:
>> I'd be surprised if using Ldap-Group in the user's file
>> resulted in load balancing of the group membership
>> queries to the LDAP servers. Does it?
>
> It doesn't.
>
> Alan DeKok.
So, now I'm confused again. If this doesn¹t load balance, then how should
I really be g
>
>I'd be surprised if using Ldap-Group in the user's file
>resulted in load balancing of the group membership
>queries to the LDAP servers. Does it?
>
It does, actually. Or at least it appears to. The first time it used ldap2
and the second time it used ldap1.
-
List info/subscribe/unsubscribe?
Brian Julin wrote:
> I'd be surprised if using Ldap-Group in the user's file
> resulted in load balancing of the group membership
> queries to the LDAP servers. Does it?
It doesn't.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scott McLane Gardner wrote:
> Sent: Tuesday, March 27, 2012 9:34 AM
> To: FreeRadius users mailing list
> Subject: Re: load balancing and if statements
>
> This is the answer. Also, this is much easier than what I was
> trying to do. Thank you for the pointer, Alan.
&
This is the answer. Also, this is much easier than what I was trying to
do. Thank you for the pointer, Alan.
-Scott
On 3/26/12 5:17 PM, "Alan Buxey" wrote:
>hi,
>
>a quick glance at your question and i'd say you be better off using
>simple entries in the users file - simple check items (use hu
hi,
a quick glance at your question and i'd say you be better off using
simple entries in the users file - simple check items (use huntgroups
for your NAS addresses) with LDAP groups.
match the good stuff, set reply
match the bad stuff, set reject.
alan
-
List info/subscribe/unsubscribe? See h
Scott McLane Gardner Wrote:
> Here is the configuration I am attempting:
>
> >load-balance {
> >ldap1
> >
> >if (Ldap-Group == "NET Staff") {
I cannot answer your question about if statements, but this
much is clear: the Ldap-Group check attribute will query
the ldap modu
ncer...
Again thanks,
Robert
From: freeradius-users-bounces+robert.roll=utah@lists.freeradius.org
[freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] On Behalf
Of Alexander Clouter [a...@digriz.org.uk]
Sent: Thursday, March 24, 2011 4:15 AM
To: freeradius-users@lists.fr
Robert Roll wrote:
>
> I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I
> looked at the proxy.conf and it seems that there are two options,
> because you have to insure the same end client talks to the same
> radius server. There seems to be client-balance that uses IP sour
users-bounces+robert.roll=utah@lists.freeradius.org
[freeradius-users-bounces+robert.roll=utah@lists.freeradius.org] On Behalf
Of Phil Mayers [p.may...@imperial.ac.uk]
Sent: Wednesday, March 23, 2011 3:47 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Load Balancing EAP with freer
Hi,
> > I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I
> > looked at the proxy.conf and it seems
> > that there are two options, because you have to insure the same end client
> > talks to the
> > same radius server. There seems to be client-balance that uses IP source
>
On 03/23/2011 08:56 PM, Robert Roll wrote:
I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I looked
at the proxy.conf and it seems
that there are two options, because you have to insure the same end client
talks to the
same radius server. There seems to be client-balance t
Randy Wilson wrote:
>
>> We anycast our FreeRADIUS servers and have had great success with this.
>>
>> http://www.digriz.org.uk/ha-ospf-anycast
>
> Very interesting. Many thanks for that. May look into deploying this,
> especially for DNS.
>
The most surprising helpful and unexpected tool I got
Alan DeKok wrote:
> But for accounting, and PAP/CHAP authentication, it will work fine.
>
Fantastic. Many thanks for the confirmation.
REW
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alexander Clouter wrote:
> We anycast our FreeRADIUS servers and have had great success with this.
>
> http://www.digriz.org.uk/ha-ospf-anycast
>
Very interesting. Many thanks for that. May look into deploying this,
especially for DNS.
REW
-
List info/subscribe/unsubscribe? See http://www.free
Alan DeKok wrote:
> Randy Wilson wrote:
>> I'm considering assigning a CLUSTERIP to the servers so we can make
>> full use of the resources. Does anyone see any potential issues of
>> using this with FreeRADIUS or know of any caveats I should be aware
>> of?
> EAP won't work. It requires multi
Randy Wilson wrote:
> I'm considering assigning a CLUSTERIP
> to the servers so we can make full use of the resources. Does anyone see
> any potential issues of using this with FreeRADIUS or know of any
> caveats I should be aware of?
EAP won't work. It requires multi-packet round trips between
Randy Wilson wrote:
>
> Does anyone have any experience of load balancing two or more FreeRADIUS
> servers using the iptables CLUSTERIP target?
>
> [snipped]
>
> I have some production SMTP and FTP clusters that are load balanced in a
> similar way, with Pacemaker handling the failover, that hav
Adrian wrote:
> As per their documentation, I would have to do something like below,
> where the :1: would be L2TP tunnel 1 and :2: would be Tunnel 2:
>
> Service-Type=framed
>
> Tunnel-Medium-Type=:1:IP
>
> Tunnel-Medium-Type=:2:IP
Use "+=". See "man users".
> I’m using Freeradius 1.0.4 wi
"EXT / GFI REBOLJ Jean-Pierre" <[EMAIL PROTECTED]> said:
[snip]
>ldflag = round_robin
[snip]
> the problem is that I see the Authentication request and response then
> Accounting start on the fisrt back-end server and the accounting stop
> on the second backend server.
That sound
Alan wrote:
> NFS mounted? Don't. If NFS goes away, any application using those
> directories will lock, and be unkillable.
it's part of a red hat cluster, and it's managed by that software
suite. If a machine dies a transparent switch occurs.
If it fails I'll get angry with red hat --so far
inverse wrote:
> in my setup, log dirs live in a shared filesystem,
NFS mounted? Don't. If NFS goes away, any application using those
directories will lock, and be unkillable.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 6/29/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Accounting start on the fisrt back-end server and the accounting stop
> > on the second backend server.
> > is this a bug or a problem of configuration ?
>
> It's the way load balancing works. It's documented as working this
> way. Requests
EXT / GFI REBOLJ Jean-Pierre wrote:
> hi,
> i've a proxy with freeradius 1.1.6 in load balacing with two back-end
> radius 1.1.6
...
> the problem is that I see the Authentication request and response then
> Accounting start on the fisrt back-end server and the accounting stop
> on the second bac
> Message: 4
> Date: Fri, 30 Mar 2007 09:04:40 +0200
> From: Alan DeKok <[EMAIL PROTECTED]>
> Subject: Re: load balancing 802.1x auth requests
> To: FreeRadius users mailing list
>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO
Alison Lee wrote:
> We would like to load-balance 802.1X wireless authentications on
> multiple radius servers. The problem is that EAP methods require a
> series of requests and replies between the client and the same radius
> server, but a normal radius proxy will treat each request as a new o
"Lucas Aimaretto" <[EMAIL PROTECTED]> wrote:
> Is it possible to have freeradius as a proxy, but also, doing some
> load-balancing within N other freeradius-servers ?
Read raddb/proxy.conf
> I've seen at freeradius.org that some used LinuxVirtualServer for doing
> this. But, I believe that, hav
"Eliot, GLI wireless tech support" <[EMAIL PROTECTED]> wrote:
> On the FreeRADIUS website, it says that it supports load balancing, but
> I cannot find any documentation at all on how to set it up. I found some
> stuff on module failovers, but nothing on load balancing. Does anyone
> have any more
On Thu, 2004-08-19 at 09:06 +0800, ROY wrote:
> > What I am looking for is to be able to distribute load across a number
> > of radius boxes and to be able to easily take some nodes out of
> > rotation, or add to the rotation without needing to reconfigure all of
> > the nas servers.
>
> If you've
> What I am looking for is to be able to distribute load across a number
> of radius boxes and to be able to easily take some nodes out of
> rotation, or add to the rotation without needing to reconfigure all of
> the nas servers.
If you've got Cisco NASes, you may want to try
'radius-server ret
71 matches
Mail list logo