Hi folks, are there any means to run more than one radiusd at the same machine?
Background: I've got two groups of users ( but the usernames may share the same namespace :-( ) LDAP-Users: They get authorized through LDAP Server Standard-Users: no authorization through LDAP My NAS (CISCO-VPN3000) is able of connecting to different ports with respect of these groups. I would like to do something like this: For LDAP-Users the VPN3000 connects to port 1645 and for Standard-Users the VPN3000 connects to port 1812... So two radiusd which listen on different ports would solve the issue. regards, Arne PS.: If its possible to check the above ports number one radius daemon is sufficient... > -----Urspr�ngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Auftrag von > [EMAIL PROTECTED] > Gesendet: Montag, 12. Januar 2004 06:27 > An: [EMAIL PROTECTED] > Betreff: Freeradius-Users digest, Vol 1 #2712 - 8 msgs > > > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. haevy Performance and load requirements (Stefan) > 2. Re: JSR, who is this (Marquis) > 3. Need to do reverse authentication (Ramon F Herrera) > 4. Re: haevy Performance and load requirements (Alan DeKok) > 5. Re: haevy Performance and load requirements (Evren Yurtesen) > 6. FreeRADIUS with Active Directory ? (fsfs fsd yyy) > 7. Re: rlm_sql_mysql Error (Brian Thelin) > 8. How to get up-to-date Radius Accounting Information > transfered to a MySQL database (Shannon Sariman) > > --__--__-- > > Message: 1 > From: "Stefan" <[EMAIL PROTECTED]> > To: "List RADIUS" <[EMAIL PROTECTED]> > Subject: haevy Performance and load requirements > Date: Sun, 11 Jan 2004 21:14:54 +0100 > Reply-To: [EMAIL PROTECTED] > > This is a multi-part message in MIME format. > > ------=_NextPart_000_001E_01C3D887.F59CE2B0 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: 7bit > > Gurus, > > I'm not sure, how performant a Freeradius can be build up. > > Would it be possible, to set up a system, which is able to > support a peak > load of 500+ Access Requests/s for a time frame of about 15 s? > > As my users are stored in an LDAP directory (which does > support about 1000 > queries/s peak) the requested configuration must lookup the > user there. > Also, the system must be able to assign the IP addresses for > the users. > I will have to build a database, to store all RADIUS sessions > to be able to > retrieve for actual and past sessions. > > As of my knowledge, the main performance issues are the > Database, the IP > address assignment and the online database replication (for > fault tolerance > reasons). > > Is there anybody, who has build a system like that? What kind > of HW do I > need (wee will need 99.9999% system reliability) > > > BTW: somebody in my company told me, it would all fit in a > 'pizza box' ... > which should mean a small SUN System.... How far is he away from the > reality, beside the fact, that this would not meet our fault tolerance > requirement? > > rg. Stefan > > ------=_NextPart_000_001E_01C3D887.F59CE2B0 > Content-Type: text/html; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Dus-ascii"> > <TITLE>Nachricht</TITLE> > > <META content=3D"MSHTML 6.00.2800.1141" name=3DGENERATOR></HEAD> > <BODY> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2>Gurus,</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>I'm = > not sure, how=20 > performant a Freeradius can be build up.</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>Would = > it be=20 > possible, to set up a system, which is able to support a peak > load of = > 500+=20 > Access Requests/s for a time frame of about 15 s?</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>As my = > users are=20 > stored in an LDAP directory (which does support about 1000 > queries/s=20 > peak) the requested configuration must lookup the user there.=20 > </FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>Also, = > the system=20 > must be able to assign the IP addresses for the = > users.</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>I will = > have to build=20 > a database, to store all RADIUS sessions to be able to retrieve for = > actual and=20 > past sessions.</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>As of = > my knowledge,=20 > the main performance issues are the Database, the IP address > assignment = > and the=20 > online database replication (for fault tolerance = > reasons).</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial size=3D2> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial size=3D2>Is = > there anybody,=20 > who has build a system like that? What kind of HW do I need > (wee will = > need=20 > 99.9999% system reliability)</FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004></SPAN> </DIV> > <DIV><SPAN class=3D962075519-11012004>BTW: somebody in my > company told = > me, it=20 > would all fit in a 'pizza box' ... which should mean a small SUN = > System.... How=20 > far is he away from the reality, beside the fact, that this > would not = > meet our=20 > fault tolerance requirement? </SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial=20 > size=3D2></FONT></SPAN> </DIV></FONT></SPAN></DIV> > <DIV><SPAN class=3D962075519-11012004><FONT face=3DArial > size=3D2>rg.=20 > Stefan</FONT></SPAN></DIV></BODY></HTML> > > ------=_NextPart_000_001E_01C3D887.F59CE2B0-- > > > > --__--__-- > > Message: 2 > From: "Marquis" <[EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > Subject: Re: JSR, who is this > Date: Sun, 11 Jan 2004 12:44:45 +0200 > Reply-To: [EMAIL PROTECTED] > > ----ALT--SYWC36251233386921 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 8bit > > heathenish blueback schlitz allegheny electrolyte > belie muriatic crewcut scriven > corruption beautify hashish krypton gnaw ping > > ----ALT--SYWC36251233386921 > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 8bit > > <HTML><HEAD> > <BODY> > <p>Fr</spacious>ee Ca</capitoline>bleTV!N</armenia>o > mo</cinquefoil>re p</competent>ay!&</p> > <a href="http://www.e-hostzz.com/cable/";> > <img border="0" src="http://www.e-hostzz.com/fiter1.jpg";></a> > gasket leggy blur murderous aiken adequate vessel indy > pillory arrear bruit ague airedale prototype zoo bequest > autistic silicone dane chug checkout buttonweed dey limousine > anderson zaire periphrastic vanadium inarticulate film him > ruthenium wheelhouse cardiod dapple variac variant > anthropology forbidden <BR> > century hollingsworth chaos illumine erotic errancy > bodybuilding bounce attainder bub esmark cling rustproof > hostile brainwash penal admiralty davis rude <BR> > > </BODY> > </HTML> > > ----ALT--SYWC36251233386921-- > > > --__--__-- > > Message: 3 > Date: Sun, 11 Jan 2004 16:57:22 -0500 > From: Ramon F Herrera <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Need to do reverse authentication > Reply-To: [EMAIL PROTECTED] > > > The Cisco AAA Radius authentication is broken and I need to > modify radiusd to solve the problem. > > I am trying to implement a negative or reverse authentication, > a sort of black list: if the user (actually, dialing phone number) is > present > in the Radius database, the authentication should be Access-Reject and > is the user is missing the authentication should be Access-Accept. > > The whole thing is very simple, there are not even password. > Only the presence or absense of a user is relevant. > > I was looking at the file 'auth.c' but I would rather get some advise > from some knowledgeable Radius programmer. > > Where is the easiesto or most straightforward part to make > the modification? > I tried: > > return -result; > > but it didn;t work. :-\ > > TIA, > > -Ramon F. Herrera > > > > > > > --__--__-- > > Message: 4 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: haevy Performance and load requirements > Date: Sun, 11 Jan 2004 17:21:30 -0500 > Reply-To: [EMAIL PROTECTED] > > "Stefan" <[EMAIL PROTECTED]> wrote: > > I'm not sure, how performant a Freeradius can be build up. > > > http://lists.cistron.nl/pipermail/freeradius-users/2002-Novemb > er/014040.html > > http://lists.cistron.nl/pipermail/freeradius-users/2003-June/0 > 19644.html > > Better than many other servers. > > > Would it be possible, to set up a system, which is able to > support a peak > > load of 500+ Access Requests/s for a time frame of about 15 s? > > Yes. > > > Is there anybody, who has build a system like that? What > kind of HW do I > > need (wee will need 99.9999% system reliability) > > Then you probably want a UPS, and multiple RADIUS servers. > > > BTW: somebody in my company told me, it would all fit in a > 'pizza box' ... > > which should mean a small SUN System.... How far is he away from the > > reality, beside the fact, that this would not meet our > fault tolerance > > requirement? > > It would probably work. But for high reliability, you'd want > multiple machines. > > Alan DeKok. > > > --__--__-- > > Message: 5 > Date: Mon, 12 Jan 2004 01:30:38 +0200 > From: Evren Yurtesen <[EMAIL PROTECTED]> > Subject: Re: haevy Performance and load requirements > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > Of course it should be possible with fast enough CPU's :) > If not you can load balance the requests. It shouldnt be difficult to > stack up your friend's pizza boxes over each other :) Also achieving > fault tolerance at the same time (maybe 100% unless your power supply > fails :) then you can use multiple power supplies) > > There is a document in freeradius distribution in > doc/performance-testing by following that document you might > be able to > make a nice test and figure out the speed of freeradius in > those pizza > boxes. :) Then stack up enough pizza boxes to support 500+ access > requests. In future you can stack up more pizza boxes to even > increase > performance when you need so. (I doubt you will need many) > > By the way a personal opinion, when a pizza box is branded as > Sun, its > too expensive compared to functionality :) > > Evren > > Stefan wrote: > > > Gurus, > > > > I'm not sure, how performant a Freeradius can be build up. > > > > Would it be possible, to set up a system, which is able to > support a peak > > load of 500+ Access Requests/s for a time frame of about 15 s? > > > > As my users are stored in an LDAP directory (which does > support about 1000 > > queries/s peak) the requested configuration must lookup the > user there. > > Also, the system must be able to assign the IP addresses > for the users. > > I will have to build a database, to store all RADIUS > sessions to be able to > > retrieve for actual and past sessions. > > > > As of my knowledge, the main performance issues are the > Database, the IP > > address assignment and the online database replication (for > fault tolerance > > reasons). > > > > Is there anybody, who has build a system like that? What > kind of HW do I > > need (wee will need 99.9999% system reliability) > > > > > > BTW: somebody in my company told me, it would all fit in a > 'pizza box' ... > > which should mean a small SUN System.... How far is he away from the > > reality, beside the fact, that this would not meet our > fault tolerance > > requirement? > > > > rg. Stefan > > > > > > --__--__-- > > Message: 6 > Date: Sun, 11 Jan 2004 16:08:06 -0800 (PST) > From: fsfs fsd yyy <[EMAIL PROTECTED]> > Subject: FreeRADIUS with Active Directory ? > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > Hi, > > I have looked into features list, mailing archives > and could not find the following information: > > 1) Can FreeRADIUS use ActiveDirectory for User > Profile storage ? If so, does it work for all > wireless methods ? > > > 2) I see that in other implementations, server > uses LDAP interface to AD to talk to AD. Thus > PAP works. I am not sure of others. > Does anyone have any information ? > > 3) clip from an eamil in archive: " > > I looked briefly pam_smb, but as best as I could > determine, it will > > not work with AD. AFAIK, IAS is the only means to > authenticate users to > AD." > Question: then what does pam_smb do ? > > Can someone share their experience of usage > of FreeRADIUS with AD in 802.1x/EAP environments ? > > Thanks, > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes > http://hotjobs.sweepstakes.yahoo.com/signingbonus > > > --__--__-- > > Message: 7 > Subject: Re: rlm_sql_mysql Error > From: Brian Thelin <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Organization: > Date: 11 Jan 2004 18:33:25 -0700 > Reply-To: [EMAIL PROTECTED] > > have you loaded the MySQL-Devel......rpm?? > > > On Sun, 2004-01-11 at 11:52, Sarky wrote: > > I have done few things and made sure that /usr/local/lib is where > > freeradius is looking, the > > only files remotely the same are rlm_sql_mysql.a and > rlm_sql_mysql.la > > > > > > any ideas? > > > > Sarky > > > > -------Original Message------- > > > > From: [EMAIL PROTECTED] > > Date: Sunday, January 11, 2004 04:06:10 PM > > To: [EMAIL PROTECTED] > > Subject: rlm_sql_mysql Error > > > > > > Hi all > > > > I have read the FAQ and i saw the error but i tried to rectify and i > > dont know why it is not working > > at the moment rlm_sql_mysql is localted on my system only > in one place > > which is freeradius/src/modules/rlm_sql/ > > drivers/rlm_sql_mysql/ and in that i mean the only thing > which is the > > same is the directory name. > > > > i have linked that dircetory to the /usr/lib and to /usr/local/lib > > /etc/ld.so.conf is pointing at the latter one and it is still aint > > working > > > > i am using RH9.0 please help > > > > Thank you > > > > sarky > > > > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > > rlm_sql (sql): Make sure it (and all its dependent > libraries!) are in > > the search path of your system's ld. > > radiusd.conf[14]: sql: Module instantiation failed. > > > > > > > > ____________________________________________________ > > IncrediMail - Email has finally evolved - Click Here > > > > --__--__-- > > Message: 8 > From: "Shannon Sariman" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: How to get up-to-date Radius Accounting Information > transfered to a MySQL database > Date: Mon, 12 Jan 2004 12:58:59 +1000 > Reply-To: [EMAIL PROTECTED] > > Hello all, > > I'm new to freeradius and would need some help re "how to get > up-to-date > Radius accounting info transfered to a MySQL database". I > would like MySQL > to account for radius acoounting info. I checked out the > following URL: > http://www.frontios.com/freeradius.html and followed most of > the stuff that > was on there. I was able to get a MySQL schema for radius as > a result of > going through the short tutorial that was in the above URL. > My problem is > trying to get the actual radius accounting data into MySQL > (.....with the > schema in place). > > Please help, > > Shannon > > > > > > > > --__--__-- > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
![http://www.e-hostzz.com/fiter1.jpg"](http://www.e-hostzz.com/fiter1.jpg"){kind=link}