Phil Mayers wrote:
>>
>> There are patches to enable this, but they have not, as yet, been
>> integrated. In any case, they won't help you to fail over from one
>> server to another.
>
> If/when those patches get integrated, it would be highly useful to
> support failover between servers. I guess the requirements for this
> would be:

Bleah. I guess it's possible, but it's pretty ugly.

> 1. Expose the openssl session cache config, so that distcache can be
> configured to share the SSL sessions between servers

As always, patches are welcome. :)

On a related note, sharing the RADIUS packets between servers would be a good idea. It would avoid duplicate handling of Access-Request or Accounting-Request.

> 2. Implement some way of attaching the PEAP/TTLS tunnel state to the
> session cache, or otherwise be reachable by the other FreeRadius server,
> so that when resumption occurs the inner info can be (re)used for
> authorization.

You can register callbacks to store OpenSSL contexts somewhere outside of main memory. It's not hard, but it requires someone to write the code.

Alan DeKok.