Hello Jay -

On Thu, 06 Apr 2000, Jay West wrote:
> I'm not sure if this went out to the list, so pardon me if I'm reposting...
> 
> > Current setup:
> > Two FreeBSD machines, each one running radiator (radius1 and radius2)
> > Two FreeBSD machines, each one running MySQL for the radiator database
> > (mysql1 and mysql2)
> > Cisco 3640 router (NAS) terminating L2F sessions for each dialup user
> >
> > The cisco 3640 is set to try authenticating via radius first on radius1,
> > and if that times out to authenticate on radius2. Radius1 uses the SQL
> > database on mysql1 and radius2 uses the SQL database on mysql2. There are
> > some high availability problems with this setup - if mysql1 goes down, the
> > cisco won't know it and will keep querying radius1. The cisco does support
> > (at the latest IOS release) rotating between multiple radius servers, but
> > that would only let half the folks in.
> >
> > Changes I want to make:
> > What's the best way to set up high availability so that any host (except
> > the router) can fail and things will still work? I'm not currently using
> > maxlogins (or simultaneous-logins or maxsessions or whatever) but do plan
> > to in the very near future. I see many possibilities - but the first one
> > I'm thinking of is to set each of the two radius servers to query sql1 and
> > if that fails query sql2 (this done via specifying multiple sql servers in
> > the radius config file). But then the question becomes how to keep the
> > databases in sync between sql1 and sql2. I could set up some batch process
> > to copy the databases nightly, but doesn't this get in the way of trying
> > to enforce multiple logon limits?
> >
> > On a directly related note - are there any problems with having two copies
> > of radiator - one on each machine - working on the same database?
> >
> > Any hints from those who've done this before?? Net result should be two
> > radiator machines and two sql machines and any one can fail.
> >

I would be inclined to put a UDP redirector in front of your Radiator hosts to
transparently handle any number of hosts at a single IP address. Then I would
put my SQL database on a dual-port RAID box and have both servers access the
same database. I would also have a single session database for multiple logon
restriction.

And no, there are no problems with multiple radiator machines querying a single
database.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
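
The logon-limit concern in the question and the single session database suggested in the reply, modelled as an added example (not part of the original thread and not Radiator code). `SessionStore`, `RadiusServer`, `batch_copy`, `dial_in` and `accepted_sessions` are hypothetical names, and the login sequence is constructed.

```python
class SessionStore:
    """Stand-in for a session database: user -> set of active session ids."""
    def __init__(self):
        self.sessions = {}

    def count(self, user):
        return len(self.sessions.get(user, ()))

    def add(self, user, sid):
        self.sessions.setdefault(user, set()).add(sid)

    def remove(self, user, sid):
        self.sessions.get(user, set()).discard(sid)


class RadiusServer:
    """Hypothetical model, not Radiator's API: check the limit, then record the session."""
    def __init__(self, name, store, max_sessions=1):
        self.name, self.store, self.max_sessions = name, store, max_sessions

    def access_request(self, user):
        # Accept only while the user is below the simultaneous-login limit.
        return self.store.count(user) < self.max_sessions

    def accounting_start(self, user, sid):
        self.store.add(user, sid)


def batch_copy(src, dst):
    """The nightly copy from the question: dst becomes a snapshot of src."""
    dst.sessions = {u: set(s) for u, s in src.sessions.items()}


def dial_in(servers, user, attempts):
    """attempts: (server_index, session_id) pairs, i.e. which server the NAS reached.
    Returns how many sessions were accepted."""
    accepted = 0
    for idx, sid in attempts:
        if servers[idx].access_request(user):
            servers[idx].accounting_start(user, sid)
            accepted += 1
    return accepted


def accepted_sessions(shared):
    """Constructed scenario: limit 1, first call reaches radius1, second radius2."""
    a = SessionStore()
    b = a if shared else SessionStore()
    servers = [RadiusServer("radius1", a), RadiusServer("radius2", b)]
    return dial_in(servers, "user1", [(0, "s1"), (1, "s2")])
```

With separate stores, `accepted_sessions(shared=False)` admits two sessions against a limit of one, while the shared store admits one. A batch copy closes that gap only at copy time and afterwards leaves the replica stale, so it can also refuse a user who has already logged off.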
