Just start two separate instances, using -d, which specifies the directory
that the configs are in.
For example, say your radius configuration is now in /usr/local/etc/raddb.
You could rename that to raddb-users (/usr/local/etc/raddb-users)
Then create /usr/local/etc/raddb-ldap
Copy all the files from raddb-users to raddb-ldap
Edit the configuration on that one to make it ldap aware and the
configuration on the raddb-users to use the users file.
Be sure to change the path to the directory, the port number it listens
on, and the path to the pid file in radiusd.conf as well as any other
options that you want specific to each instance.
Create a startup script to start both using the -d option.
For example.
#!/bin/sh
# Start or stop two radiusd instances, each with its own config directory (-d).
case "$1" in
start)
    /usr/local/sbin/radiusd -d /usr/local/etc/raddb-users && echo 'Starting Users Radius'
    /usr/local/sbin/radiusd -d /usr/local/etc/raddb-ldap && echo 'Starting LDAP Radius'
    ;;
stop)
    # The pid file names must match the pid file path set in each radiusd.conf.
    if [ -f /usr/local/var/run/radiusd/raddb-users.pid ]; then
        kill -TERM `cat /usr/local/var/run/radiusd/raddb-users.pid`
        rm -f /usr/local/var/run/radiusd/raddb-users.pid
        echo ' Stopped Users Radius'
    fi
    if [ -f /usr/local/var/run/radiusd/raddb-ldap.pid ]; then
        kill -TERM `cat /usr/local/var/run/radiusd/raddb-ldap.pid`
        rm -f /usr/local/var/run/radiusd/raddb-ldap.pid
        echo ' Stopped LDAP Radius'
    fi
    ;;
*)
    # Usage message goes to stderr.
    echo "Usage: ${0##*/}: { start | stop }" >&2
    exit 65
    ;;
esac
Hope that helps
-Dusty Doris
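
Added example, not part of the original message or of FreeRADIUS: a pre-flight check that the two config directories do not share a port or pid file before both instances are started with -d. The function names conf_value and check_instances and the sample radiusd.conf contents are constructed for illustration; it assumes each radiusd.conf carries "port = ..." and "pidfile = ..." lines.

```shell
#!/bin/sh
# Added example: pre-flight check for two radiusd instances started with -d.
# Assumption: each directory holds a radiusd.conf with "port = ..." and
# "pidfile = ..." lines. Values are compared as written; ${...} references
# are not expanded.

# Print the value of the first uncommented "key = value" line in a file.
conf_value() {
    # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 only if both settings are present and differ between the two.
check_instances() {
    # $1, $2 = config directories that will be passed to radiusd -d
    rc=0
    for key in port pidfile; do
        a=$(conf_value "$1/radiusd.conf" "$key")
        b=$(conf_value "$2/radiusd.conf" "$key")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "MISSING   $key is not set in both radiusd.conf files"
            rc=1
        elif [ "$a" = "$b" ]; then
            echo "COLLISION $key = $a in both instances"
            rc=1
        else
            echo "ok        $key: $a / $b"
        fi
    done
    return $rc
}

# Constructed sample: the two directories from the reply, with the ports
# from the original question (1812 for standard users, 1645 for LDAP users).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/raddb-users" "$demo_dir/raddb-ldap"
printf '%s\n' 'port = 1812' 'pidfile = ${run_dir}/raddb-users.pid' \
    > "$demo_dir/raddb-users/radiusd.conf"
printf '%s\n' '#port = 1812' 'port = 1645   # LDAP users' \
    'pidfile = ${run_dir}/raddb-ldap.pid' \
    > "$demo_dir/raddb-ldap/radiusd.conf"

if check_instances "$demo_dir/raddb-users" "$demo_dir/raddb-ldap"; then
    echo "both instances can run side by side"
fi
```

A freshly copied directory (raddb-ldap copied from raddb-users and not yet edited) is reported as a collision on both settings, which is the state the reply warns about.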
On Mon, 12 Jan 2004, Spetzler, Arne (DZ-SH) wrote:
> Hi folks,
>
> are there any means to run more than one radiusd on the same machine?
>
> Background:
>
> I've got two groups of users ( but the usernames may share the same namespace :-( )
>
> LDAP-Users: They get authorized through LDAP Server
>
> Standard-Users: no authorization through LDAP
>
> My NAS (CISCO-VPN3000) is capable of connecting to different ports
> with respect to these groups.
>
> I would like to do something like this:
>
> For LDAP-Users the VPN3000 connects to port 1645 and
> for Standard-Users the VPN3000 connects to port 1812...
>
> So two radiusd which listen on different ports would solve the issue.
>
>
> regards,
>
> Arne
>
> PS.: If it's possible to check the above port numbers, one radius daemon is
> sufficient...
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Monday, 12 January 2004 06:27
> > To: [EMAIL PROTECTED]
> > Subject: Freeradius-Users digest, Vol 1 #2712 - 8 msgs
> >
> >
> > Today's Topics:
> >
> > 1. haevy Performance and load requirements (Stefan)
> > 2. Re: JSR, who is this (Marquis)
> > 3. Need to do reverse authentication (Ramon F Herrera)
> > 4. Re: haevy Performance and load requirements (Alan DeKok)
> > 5. Re: haevy Performance and load requirements (Evren Yurtesen)
> > 6. FreeRADIUS with Active Directory ? (fsfs fsd yyy)
> > 7. Re: rlm_sql_mysql Error (Brian Thelin)
> > 8. How to get up-to-date Radius Accounting Information
> > transfered to a MySQL database (Shannon Sariman)
> >
> > --__--__--
> >
> > Message: 1
> > From: "Stefan" <[EMAIL PROTECTED]>
> > To: "List RADIUS" <[EMAIL PROTECTED]>
> > Subject: haevy Performance and load requirements
> > Date: Sun, 11 Jan 2004 21:14:54 +0100
> > Reply-To: [EMAIL PROTECTED]
> >
> > Gurus,
> >
> > I'm not sure, how performant a Freeradius can be built up.
> >
> > Would it be possible, to set up a system, which is able to support a peak
> > load of 500+ Access Requests/s for a time frame of about 15 s?
> >
> > As my users are stored in an LDAP directory (which does support about 1000
> > queries/s peak) the requested configuration must lookup the user there.
> > Also, the system must be able to assign the IP addresses for the users.
> > I will have to build a database, to store all RADIUS sessions to be able to
> > retrieve for actual and past sessions.
> >
> > As of my knowledge, the main performance issues are the Database, the IP
> > address assignment and the online database replication (for fault tolerance
> > reasons).
> >
> > Is there anybody, who has built a system like that? What kind of HW do I
> > need (we will need 99.9999% system reliability)
> >
> >
> > BTW: somebody in my company told me, it would all fit in a 'pizza box' ...
> > which should mean a small SUN System.... How far is he away from the
> > reality, beside the fact, that this would not meet our fault tolerance
> > requirement?
> >
> > rg. Stefan
> >
> >
> >
> > --__--__--
> >
> > Message: 2
> > From: "Marquis" <[EMAIL PROTECTED] >
> > To: [EMAIL PROTECTED]
> > Subject: Re: JSR, who is this
> > Date: Sun, 11 Jan 2004 12:44:45 +0200
> > Reply-To: [EMAIL PROTECTED]
> >
> >
> > --__--__--
> >
> > Message: 3
> > Date: Sun, 11 Jan 2004 16:57:22 -0500
> > From: Ramon F Herrera <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Need to do reverse authentication
> > Reply-To: [EMAIL PROTECTED]
> >
> >
> > The Cisco AAA Radius authentication is broken and I need to
> > modify radiusd to solve the problem.
> >
> > I am trying to implement a negative or reverse authentication,
> > a sort of black list: if the user (actually, dialing phone number) is
> > present in the Radius database, the authentication should be Access-Reject
> > and if the user is missing the authentication should be Access-Accept.
> >
> > The whole thing is very simple, there are not even passwords.
> > Only the presence or absence of a user is relevant.
> >
> > I was looking at the file 'auth.c' but I would rather get some advice
> > from some knowledgeable Radius programmer.
> >
> > Where is the easiest or most straightforward part to make
> > the modification?
> > I tried:
> >
> > return -result;
> >
> > but it didn't work. :-\
> >
> > TIA,
> >
> > -Ramon F. Herrera
> >
> >
> >
> >
> >
> >
> > --__--__--
> >
> > Message: 4
> > From: "Alan DeKok" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Re: haevy Performance and load requirements
> > Date: Sun, 11 Jan 2004 17:21:30 -0500
> > Reply-To: [EMAIL PROTECTED]
> >
> > "Stefan" <[EMAIL PROTECTED]> wrote:
> > > I'm not sure, how performant a Freeradius can be built up.
> >
> >
> > http://lists.cistron.nl/pipermail/freeradius-users/2002-November/014040.html
> >
> > http://lists.cistron.nl/pipermail/freeradius-users/2003-June/019644.html
> >
> > Better than many other servers.
> >
> > > Would it be possible, to set up a system, which is able to support a peak
> > > load of 500+ Access Requests/s for a time frame of about 15 s?
> >
> > Yes.
> >
> > > Is there anybody, who has built a system like that? What kind of HW do I
> > > need (we will need 99.9999% system reliability)
> >
> > Then you probably want a UPS, and multiple RADIUS servers.
> >
> > > BTW: somebody in my company told me, it would all fit in a 'pizza box' ...
> > > which should mean a small SUN System.... How far is he away from the
> > > reality, beside the fact, that this would not meet our fault tolerance
> > > requirement?
> >
> > It would probably work. But for high reliability, you'd want
> > multiple machines.
> >
> > Alan DeKok.
> >
> >
> > --__--__--
> >
> > Message: 5
> > Date: Mon, 12 Jan 2004 01:30:38 +0200
> > From: Evren Yurtesen <[EMAIL PROTECTED]>
> > Subject: Re: haevy Performance and load requirements
> > To: [EMAIL PROTECTED]
> > Reply-To: [EMAIL PROTECTED]
> >
> > Of course it should be possible with fast enough CPU's :)
> > If not you can load balance the requests. It shouldn't be difficult to
> > stack up your friend's pizza boxes over each other :) Also achieving
> > fault tolerance at the same time (maybe 100% unless your power supply
> > fails :) then you can use multiple power supplies)
> >
> > There is a document in freeradius distribution in
> > doc/performance-testing by following that document you might be able to
> > make a nice test and figure out the speed of freeradius in those pizza
> > boxes. :) Then stack up enough pizza boxes to support 500+ access
> > requests. In future you can stack up more pizza boxes to even increase
> > performance when you need so. (I doubt you will need many)
> >
> > By the way a personal opinion, when a pizza box is branded as Sun, it's
> > too expensive compared to functionality :)
> >
> > Evren
> >
> >
> > --__--__--
> >
> > Message: 6
> > Date: Sun, 11 Jan 2004 16:08:06 -0800 (PST)
> > From: fsfs fsd yyy <[EMAIL PROTECTED]>
> > Subject: FreeRADIUS with Active Directory ?
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Reply-To: [EMAIL PROTECTED]
> >
> > Hi,
> >
> > I have looked into features list, mailing archives
> > and could not find the following information:
> >
> > 1) Can FreeRADIUS use ActiveDirectory for User
> > Profile storage ? If so, does it work for all
> > wireless methods ?
> >
> >
> > 2) I see that in other implementations, server
> > uses LDAP interface to AD to talk to AD. Thus
> > PAP works. I am not sure of others.
> > Does anyone have any information ?
> >
> > 3) clip from an email in archive: "
> > > I looked briefly pam_smb, but as best as I could determine, it will
> > > not work with AD. AFAIK, IAS is the only means to authenticate users to
> > > AD."
> > Question: then what does pam_smb do ?
> >
> > Can someone share their experience of usage
> > of FreeRADIUS with AD in 802.1x/EAP environments ?
> >
> > Thanks,
> >
> >
> >
> >
> >
> >
> > --__--__--
> >
> > Message: 7
> > Subject: Re: rlm_sql_mysql Error
> > From: Brian Thelin <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Organization:
> > Date: 11 Jan 2004 18:33:25 -0700
> > Reply-To: [EMAIL PROTECTED]
> >
> > have you loaded the MySQL-Devel......rpm??
> >
> >
> > On Sun, 2004-01-11 at 11:52, Sarky wrote:
> > > I have done a few things and made sure that /usr/local/lib is where
> > > freeradius is looking, the
> > > only files remotely the same are rlm_sql_mysql.a and rlm_sql_mysql.la
> > >
> > >
> > > any ideas?
> > >
> > > Sarky
> > >
> > > -------Original Message-------
> > >
> > > From: [EMAIL PROTECTED]
> > > Date: Sunday, January 11, 2004 04:06:10 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: rlm_sql_mysql Error
> > >
> > >
> > > Hi all
> > >
> > > I have read the FAQ and i saw the error but i tried to rectify and i
> > > don't know why it is not working
> > > at the moment rlm_sql_mysql is located on my system only in one place
> > > which is freeradius/src/modules/rlm_sql/drivers/rlm_sql_mysql/
> > > and in that i mean the only thing which is the
> > > same is the directory name.
> > >
> > > i have linked that directory to the /usr/lib and to /usr/local/lib
> > > /etc/ld.so.conf is pointing at the latter one and it still ain't
> > > working
> > >
> > > i am using RH9.0 please help
> > >
> > > Thank you
> > >
> > > sarky
> > >
> > > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> > > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
> > > the search path of your system's ld.
> > > radiusd.conf[14]: sql: Module instantiation failed.
> > >
> > >
> > >
> >
> >
> >
> > --__--__--
> >
> > Message: 8
> > From: "Shannon Sariman" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Subject: How to get up-to-date Radius Accounting Information
> > transfered to a MySQL database
> > Date: Mon, 12 Jan 2004 12:58:59 +1000
> > Reply-To: [EMAIL PROTECTED]
> >
> > Hello all,
> >
> > I'm new to freeradius and would need some help re "how to get up-to-date
> > Radius accounting info transferred to a MySQL database". I would like MySQL
> > to account for radius accounting info. I checked out the following URL:
> > http://www.frontios.com/freeradius.html and followed most of the stuff that
> > was on there. I was able to get a MySQL schema for radius as a result of
> > going through the short tutorial that was in the above URL. My problem is
> > trying to get the actual radius accounting data into MySQL (.....with the
> > schema in place).
> >
> > Please help,
> >
> > Shannon
> >
> >
> >
> >
> >
> >
> >
> > --__--__--
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > End of Freeradius-Users Digest
> >
>