On Thu, 17 Jul 2003 17:59:42 +0100
Joćo Filipe Frade <[EMAIL PROTECTED]> wrote:
> Use something like this:
>
>
> Modules {
> ...
> always handled {
> rcode = handled
> }
> ...
> }
> authorize {
> ...
> redundant {
> sql_master <---- primary db
> sql_slave <---- secondary db
> handled
> }
> ...
> }
Ah! I missed that in the docs! DOH! :)
However it doesn't seem to work! I have in my config in authorize :
redundant {
sql1
sql2
handled
}
And also defined 'handled' in the modules section.. but if I stop both db's I get an
auth reject..
I tried putting handled as the first entry in the redundant block but this gave
exactly the same results! (yes I am stopping and starting the radius daemon :)
any ideas?
Graeme
> -----Original Message-----
> From: Graeme Hinchliffe [mailto:[EMAIL PROTECTED]
> Sent: quinta-feira, 17 de Julho de 2003 16:33
> To: freeradius-users
> Subject: Stopping radius responding
>
>
> Hiya
> Not sure if I have asked this already...
>
> I need to be able to have freeRadius not respond AT ALL if it cannot contact
> any databases, as opposed to sending auth rejections. The logic (crazy as it sounds
> initially) is this.
>
> Imagine the setup. 3 locations (A,B & C) each with their own NAS (A,B & C) and also
> each with their own FreeRADIUS (A,B & C).
>
> They are configured so that NAS A talks to RADIUS A primarily, and then fails over
> to RADIUS B or C, and equivalent for each of the other sites.
>
> RADIUS A is configured to use it's local database as well as the databases of RADIUS
> B & C, and the same for the other RADIUS servers.
>
> Now. Suppose there are some problems, and RADIUS A cannot talk to it's local db,
> but also cannot talk to RADIUS B or C's db's. It is going to send out Auth Rejects
> for every request NAS A sends to it. This doesn't sound too much like a problem,
> except that NAS A can see RADIUS B without issue and RADIUS B is still happy. So
> what we have here is a NAS refusing connections due to RADIUS A, when infact if
> RADIUS A didn't respond it would try using RADIUS B, and be able to authenticate
> connections.
>
> I know this situation is very unlikley, but I am sure most people are aware that 1
> in a million chances happen 9 times out of 10 (especially when computers are
> involved! :) )
>
> Is it possible to configure this into freeRADIUS? or am I going to require some sort
> of exterior monitor to kill off freeRADIUS should this occur?
>
> Thanks for your help
>
> --
> -----
> Graeme Hinchliffe (BSc)
> Core Internet Systems Designer
> Zen Internet (http://www.zen.co.uk)
>
> ICQ 3842605 (link)
>
> Sales : 0870 6000 971
> Fax : 0870 6000 972
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
-----
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk)
ICQ 3842605 (link)
Sales : 0870 6000 971
Fax : 0870 6000 972
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
