On Thu, 17 Jul 2003 17:59:42 +0100 Joćo Filipe Frade <[EMAIL PROTECTED]> wrote:
> Use something like this: > > > Modules { > ... > always handled { > rcode = handled > } > ... > } > authorize { > ... > redundant { > sql_master <---- primary db > sql_slave <---- secondary db > handled > } > ... > } Ah! I missed that in the docs! DOH! :) However it doesn't seem to work! I have in my config in authorize : redundant { sql1 sql2 handled } And also defined 'handled' in the modules section.. but if I stop both db's I get an auth reject.. I tried putting handled as the first entry in the redundant block but this gave exactly the same results! (yes I am stopping and starting the radius daemon :) any ideas? Graeme > -----Original Message----- > From: Graeme Hinchliffe [mailto:[EMAIL PROTECTED] > Sent: quinta-feira, 17 de Julho de 2003 16:33 > To: freeradius-users > Subject: Stopping radius responding > > > Hiya > Not sure if I have asked this already... > > I need to be able to have freeRadius not respond AT ALL if it cannot contact > any databases, as opposed to sending auth rejections. The logic (crazy as it sounds > initially) is this. > > Imagine the setup. 3 locations (A,B & C) each with their own NAS (A,B & C) and also > each with their own FreeRADIUS (A,B & C). > > They are configured so that NAS A talks to RADIUS A primarily, and then fails over > to RADIUS B or C, and equivalent for each of the other sites. > > RADIUS A is configured to use it's local database as well as the databases of RADIUS > B & C, and the same for the other RADIUS servers. > > Now. Suppose there are some problems, and RADIUS A cannot talk to it's local db, > but also cannot talk to RADIUS B or C's db's. It is going to send out Auth Rejects > for every request NAS A sends to it. This doesn't sound too much like a problem, > except that NAS A can see RADIUS B without issue and RADIUS B is still happy. So > what we have here is a NAS refusing connections due to RADIUS A, when infact if > RADIUS A didn't respond it would try using RADIUS B, and be able to authenticate > connections. > > I know this situation is very unlikley, but I am sure most people are aware that 1 > in a million chances happen 9 times out of 10 (especially when computers are > involved! :) ) > > Is it possible to configure this into freeRADIUS? or am I going to require some sort > of exterior monitor to kill off freeRADIUS should this occur? > > Thanks for your help > > -- > ----- > Graeme Hinchliffe (BSc) > Core Internet Systems Designer > Zen Internet (http://www.zen.co.uk) > > ICQ 3842605 (link) > > Sales : 0870 6000 971 > Fax : 0870 6000 972 > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- ----- Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Sales : 0870 6000 971 Fax : 0870 6000 972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html