On Thu, Nov 08, 2007 at 11:24:36AM +0100, Alan DeKok wrote: > Jens Dreger wrote: > > is simply no longer true. Checked the source: that option is gone. I > > really really think that option should be there, though. > > It's not only hard to do, it can cause problems. > > i.e. opening *double* the connections to your SQL server. That may be > an issue. > > > I know there > > is a shell script that starts a second server on a different port and > > waits to see if it starts successfully. But that's also broken since > > the -p Option doesn't seem to work in all cases: > > In CVS head and in 1.1.x, you need to do '-i' and '-p' together. > > > Also, that approach is somewhat ridiculous considered the importance > > of the radius server in our case. > > Yes. But please understand that this is *not* apache. FreeRADIUS has > 1% (or less) of the resources that the apache team has. And, the > integration between RADIUS and databases is *much* stronger and more > important than Apache. > > i.e. Apache can handle HUP && reload it's configuration because it > doesn't *do* anything. It doesn't cache connections. It doesn't > maintain a large number of connections to databases, etc. It can afford > to start up a completely brand new instance of itself from scratch, > because there are almost no side-effects to doing so. > > In contrast, FreeRADIUS has to keep packet caches. It usually has > large numbers of connections to database, etc.
Ok, maybe i should rephrase my question: I'm not so much interested in the HUP part, but the check-config part. I'm perfectly happy with stopping and starting the radius-server IF I can make sure it will succeed with the new config. I'm only changing the users file and have no database connections at all so this should be doable. A tool like radiusd-chkconfig (like bind offers) would probably be the right thing. I understand however that in a more complicated setup HUPs might be problematic. > You can update the script to add "-i 127.0.0.1" to it. After that it > *should* work, so long as you don't have limits on the number of > database connections, etc. ...or hit a used port by accident. This script is just no elegant solution. I guess I'll just have to keep two servers running on different IPs and check if the test-server crashes with the new users file before restarting the main server. > > I tried to change the Wiki entry but apparently I don't have permission > > to do so. > > Sign up for an account. It's not open because of the massive volume > of spammers who were attacking it. I tried. 'Create Account' just gives me a login screen with no way to to create an account. Am I missing something? Regards, Jens. -- Jens Dreger Freie Universitaet Berlin [EMAIL PROTECTED] Fachbereich Physik - ZEDV Tel: +49 30 83854774 Arnimallee 14 Fax: +49 30 83855902 14195 Berlin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
