On 01/05/2015 04:28 PM, Itzik Ben Itzhak wrote:
> I would like to configure two Radius servers for a roaming partner (proxy)
> as a handler,
>
> can I configure it like the below? Just adding another host as the second
> server? Should I change some parameters at the first one?

You should define FailureBackoffTime for the first Host. The default is 0, which means the host is never considered as failed. This is usually fine when there is only one host, but since you have two, you should set it to a non-zero value so that the failover can happen. Please see the reference manual for details. The correct value depends on your environment, for example, if a failure happens how long the host is usually down (if this is known).

    MaxFailedRequests 1
    Retries 3
    RetryTimeout 5

The above means that when a request is sent, a response is waited for 5 seconds. When there is no response, 3 retries with 5 second timeout are sent. If there was no response, 1 request has failed and the next Host is tried.

In other words, it will take 20 seconds to find out if the request cannot be sent through the current Host and the next Host is chosen. The current Host will then be ignored for forwarding for FailureBackoffTime seconds.

I hope the above helps in understanding the parameters, please check the reference manual too, and setting them correctly to match your environment.

Thanks,
Heikki

> Thank you
>
> <Handler User-Name=/^boingo\//>
>     AuthByPolicy ContinueWhileIgnore
>     LogRejectLevel 3
>
>     <AuthBy RADIUS>
>         AcctPort 1813
>         AuthPort 1812
>         CacheOnNoReply 1
>         CachePasswordExpiry 86400
>         EAPAnonymous anonymous
>         EAPContextTimeout 1000
>         EAPFAST_PAC_Lifetime 7776000
>         EAPFAST_PAC_Reprovision 2592000
>         EAPTLS_MaxFragmentSize 2048
>         EAPTLS_PEAPVersion 0
>         EAPTLS_SessionResumption 1
>         EAPTLS_SessionResumptionLimit 43200
>         EAPTLS_VerifyDepth 1
>         KeepaliveTimeout 0
>         LocalAddress 0.0.0.0
>         MaxFailedGraceTime 0
>         MaxFailedRequests 1
>         OutPort 0
>         PasswordPrompt password
>         Retries 3
>         RetryTimeout 5
>         SIPDigestRealm DefaultSipRealm
>         Secret tom!jerry#
>
>         <Host 54.77.144.149>
>             AcctPort 1813
>             AuthPort 1812
>             BogoMips 1
>             KeepaliveTimeout 0
>             LocalAddress 0.0.0.0
>             MaxFailedGraceTime 0
>             MaxFailedRequests 1
>             OutPort 0
>             Retries 3
>             RetryTimeout 5
>             Secret somesecret
>         </Host>
>
>
>         < Host 54.164.51.1 >
>             AcctPort 1813
>             AuthPort 1812
>             BogoMips 1
>             KeepaliveTimeout 0
>             LocalAddress 0.0.0.0
>             MaxFailedGraceTime 0
>             MaxFailedRequests 1
>             OutPort 0
>             Retries 3
>             RetryTimeout 5
>             Secret somesecret
>         </Host>
>     </AuthBy>
> </Handler>
>

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
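
The timing described in the reply above, as an added example that is not part of the original message and not Radiator's code: a simplified, sequential model of two-Host forwarding with the first Host down, comparing FailureBackoffTime 0 with a non-zero value. The value 300, the arrival times and the function names are constructed for illustration, and the model assumes that with FailureBackoffTime 0 every new request starts again at the first Host.

```python
"""Simplified timing model of two-Host failover; not Radiator's code."""
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    retries: int = 3
    retry_timeout: int = 5
    max_failed_requests: int = 1
    failure_backoff_time: int = 0   # 0: host is never considered failed
    failed: int = 0                 # requests that got no reply so far
    ignored_until: int = 0          # host is skipped before this time

    def give_up_after(self) -> int:
        # The first transmission and each retry wait retry_timeout seconds.
        return (1 + self.retries) * self.retry_timeout

def forward(hosts, now, is_up):
    """Send one request; return (answering host or None, seconds waited)."""
    waited = 0
    for h in hosts:
        if now + waited < h.ignored_until:
            continue                # still inside its backoff window
        if is_up(h.name):
            h.failed = 0
            return h.name, waited
        waited += h.give_up_after()
        h.failed += 1
        if h.failure_backoff_time > 0 and h.failed >= h.max_failed_requests:
            h.ignored_until = now + waited + h.failure_backoff_time
            h.failed = 0
    return None, waited

def simulate(backoff, arrivals, down=("54.77.144.149",)):
    """Replay requests arriving at the given times (seconds), one at a time."""
    hosts = [Host("54.77.144.149", failure_backoff_time=backoff),
             Host("54.164.51.1", failure_backoff_time=backoff)]
    return [forward(hosts, t, lambda n: n not in down) for t in arrivals]

if __name__ == "__main__":
    arrivals = [0, 30, 60, 330]     # constructed arrival times
    for backoff in (0, 300):        # 300 is a constructed sample value
        print(f"FailureBackoffTime {backoff}")
        for t, (host, waited) in zip(arrivals, simulate(backoff, arrivals)):
            print(f"  t={t:>3}s answered by {host} after {waited}s")
```

In this model the 20-second delay is paid by every request when the backoff is 0, and only by the first request and the first one after the backoff window expires when it is 300.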
