to set up fail-over using two home servers in this scenario?
Thank you and best regards,
Bertalan Voros
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bertalan Voros wrote:
There is a freeradius server that is proxying every mschapv2 request to
a homeserver using the DEFAULT realm.
The same server is also handling EAP requests and then proxying the
inner request through the DEFAULT realm.
Is is possible to set up fail-over using two
Dear Community of FreeRadius Greetings,
i am not new to open source Linux / Unix system but new to FreeRadius.
Have anyone got FreeRadius AAA running in fail over mode (replication)? it
is possible to download .ovf template from some where, already configured
up and running FreeRadius?
Thanks
Dear Community of FreeRadius Greetings,
i am not new to open source Linux / Unix system but new to FreeRadius.
Have anyone got FreeRadius AAA running in fail over mode (replication)?
Yes.
it
is possible to download .ovf template from some where, already configured
up and running
On 15 Oct 2012, at 10:16, Shiv. Nath prabh...@digital-infotech.net wrote:
Dear Community of FreeRadius Greetings,
i am not new to open source Linux / Unix system but new to FreeRadius.
Have anyone got FreeRadius AAA running in fail over mode (replication)?
If you mean replicating packets
Hi there,
I can't get FreeRADIUS to ignore error and continue processing when 1 DB is
down even when it can connect to the other DB. Below is my config.
# radiusd.conf
instantiate {
...
redundant redundant_sql {
sql1
sql2
handled
PM
Subject: MySQL Fail Over Error When 1 DB is Down
Hi there,
I can't get FreeRADIUS to ignore error and continue processing when 1 DB is
down even when it can connect to the other DB. Below is my config.
# radiusd.conf
instantiate {
...
redundant redundant_sql {
sql1
Det Det wrote:
When I shutdown one of the DB, it generates an error. How do I tell
freeradius to ignore that and proceed if it can connect to at least one
of the DB?
You don't.
The only way to change this is via source code patches.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
is up, don't
bother, continue to operate, and vice versa, so long as it still has a DB to
use. I saw this link but I can't get it to work. It is using the rlm_always
module.
http://wiki.freeradius.org/Fail-over
thanks,
det
From: Alan DeKok al
it to work. It
is using the rlm_always module.
http://wiki.freeradius.org/Fail-over
Fail-over is for when something goes wrong while the server is running.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
into place.
I think you're better off doing redundancy a layer up, though, like
_-radius1 -db1
NAS_ X |
-radius2 -db2
i.e., if db1 is down, go ahead and allow radius1 to return failure to the NAS,
which will then fail over to radius2.
-
List info/subscribe/unsubscribe? See http
Hi,
Sorry, I honestly don't mean it that way. I just want to clarify some of that
thoughts/concepts. I understand now what you mean by this.
Fail-over is for when something goes wrong while the server is running.
Thanks,
Det
Sent from my iPad
On Aug 29, 2011, at 9:34 PM, Alan DeKok al
_-radius1 -db1
NAS_ X |
-radius2 -db2
i.e., if db1 is down, go ahead and allow radius1 to return failure to the NAS,
which will then fail over to radius2.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http
魏景鹏 wrote:
I've configured two home_server for a pool with type=fail-over, when the
1st one not start,FR didn't send the request to the 2nd one.
FreeRADIUS doesn't check if a home server starts. RADIUS doesn't
work that way.
The fail-over code works. Fail-over occurs when a home server
Hi Alan all,
I've configured two home_server for a pool with type=fail-over, when the
1st one not start,FR didn't send the request to the 2nd one.
Works fine when configured with type=load-balance.
following is my proxy.conf section:
home_server svr1st {
type = auth+acct
ipaddr = 192.168.0.2
Hi Alan all,
I found that when radiusd started with -X, the config-item of type =
fail-over in proxy.conf will not take effect.
Anyone to confirm that?
B.R.
Wei JingPeng
Wei JingPeng wrote:
Hi Alan all,
I've configured two home_server for a pool with type=fail-over, when the
1st one
Hello,
I have Freeradius 2.1.8.
I want to return an error code if my freeradius can't contact with the
backend.
Here is my authorize section:
authorize {
. . .
switch %{Realm} {
case 'temp.unex.es' {
sql {
fail = 1
}
Ana Gallardo wrote:
I want to return an error code if my freeradius can't contact with the
backend.
Here is my authorize section:
authorize {
. . .
switch %{Realm} {
...
}
if (fail) {
That won't work, unfortunately. The return codes of *modules* can be
.
[1] http://wiki.freeradius.org/Fail-over
--
*Fabien COMBERNOUS*
/unix system engineer/
www.kezia.com http://www.kezia.com/
*Tel: +33 (0) 467 992 986*
Kezia Group
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fabien COMBERNOUS wrote:
In the freeradius wiki a page give informations about failover [1]. It
explains how to setup two sql modules pointing to two dbms. But in this
setup, the radius server is a single point of failure. How to setup two
radius servers speaking with two dbms ?
Configure
As I at first assumed...So, this is a bug after all. If I put ipaddr =
localhost in a home_server definition I get the failed authentication I
described in my first note. You can see in proxy.conf configuration lines
I included, where ipaddr is set to localhost for all four home_server
Emmett Culley wrote:
As soon as I changed the ipaddr parameter in all four home_server
definitions, and reset the server, I was able to properly authenticate.
Nothing else was changed.
You may also try using the 2.1.7-pre code: http://git.freeradius.org/pre/
It contains a fix where the
Ivan Kalik wrote:
As I at first assumed...So, this is a bug after all. If I put ipaddr =
localhost in a home_server definition I get the failed authentication I
described in my first note. You can see in proxy.conf configuration lines
I included, where ipaddr is set to localhost for all four
.
Using the same proxy.conf file I sent in my first note and changing the
ipaddr variable to 127.0.0.1 instead of localhost for each home server
allowed me to successfully connect to the primary radius server. I won't
have a secondary server set up until next week, at which time I'll test if
the fail
Emmett Culley wrote:
It's not a bug. Hostname lookups are disabled by default in radiusd.conf.
Along with explanation why enabling it is a bad idea.
...
Ah, I didn't occur to me that host name look ups off would prevent the
server from looking up hosts defined in the configuration files.
Alan DeKok wrote:
Emmett Culley wrote:
It's not a bug. Hostname lookups are disabled by default in radiusd.conf.
Along with explanation why enabling it is a bad idea.
...
Ah, I didn't occur to me that host name look ups off would prevent the
server from looking up hosts defined in the
the same proxy.conf file I sent in my first note and changing the ipaddr
variable to 127.0.0.1 instead of localhost for each home server allowed me to
successfully connect to the primary radius server. I won't have a secondary
server set up until next week, at which time I'll test if the fail
proxy.conf file I sent in my first note and changing the
ipaddr variable to 127.0.0.1 instead of localhost for each home server
allowed me to successfully connect to the primary radius server. I won't
have a secondary server set up until next week, at which time I'll test if
the fail over
Hum, now all works perfectly. My reply-item are present now, I will try now to
understand why it works. Thanks to Ivan Kalik for his help and all freeradius
project.
Ldap.attrmap:
[...]
checkItem Cleartext-Password userPassword
Users:
DEFAULT ldaplabobe2-Ldap-Group ==
Hi all
I try to do a fail-over with two ldap on my freeradius. I read this article
http://wiki.freeradius.org/Fail-over, I instantiated two openldap modules and i
use the keyword redundant in my /raddb/site-available/default in authorize and
authenticate section.
redundant
I try to do a fail-over with two ldap on my freeradius. I read this
article http://wiki.freeradius.org/Fail-over, I instantiated two openldap
modules and i use the keyword redundant in my
/raddb/site-available/default in authorize and authenticate section.
redundant
Thanks for your responce, I read http://freeradius.org/radiusd/doc/rlm_ldap , I
am focus on section GROUP SUPPORT.
So I have two ldap module instances in raddb/modules/ldap :
ldap ldaplabobe2 { [...] }
ldap ldaplabobe1 { [...] }
I added the ldap module in the instantiate{} block in
(following my last mail)
I read in my log:
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
So in the user file I replace
DEFAULT ldaplabobe2-Ldap-Group == administrateur, User-Profile :=
cn=administrateur,ou=Profiles,dc=netplus,dc=fr
Emmett Culley wrote:
However, as soon as I attempt to define a set of main and backup
servers, then use the auth_pool and acct_pool variables I get the
following error:
Ignoring spoofed proxy reply. Signature is invalid
That's pretty definitive. It means that the shared secret is wrong.
the request to the first live home server in the list
(fail-over method).
Radius Proxy sends the request towards Server1. Server 1 is down. Now
the Radius Proxy rejects the Request.
Radius Client Radius Proxy
Radius Server1
(fail-over method).
Can RadiusProxy send the request directly towards Server2, if Server1 is
down?
Yes. Read instructions in proxy.conf.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
}
server_pool my_rlm_auth_pool {
type = fail-over
home_server = my_rlm_auth
#home_server = Primary_my_rlm_auth
#home_server = Secondary_my_rlm_auth
}
server_pool my_rlm_acct_pool {
type = fail-over
home_server = my_rl_acct
#home_server = Primary_my_rlm_acct
Peter Ellens wrote:
Would it be possible to implement time outs on the calls to the mysql
libraries?
The MySQL reference API suggests that this is possible:
http://dev.mysql.com/doc/refman/5.1/en/mysql-options.html
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Peter Ellens wrote:
If I stop the first sql server service, freeradius starts to use the
second sql server, as expected.
But if I stop the entire first server (ie poweroff) freeradius still
continues to try and use sql1, hanging...
FreeRADIUS is at the mercy of the MySQL client libraries.
Hi Everyone
I've been trying to setup MySQL fail over with freeradius
I've followed http://wiki.freeradius.org/SQL_HOWTO#Additional_Snippets
But I get weird results.
If I stop the first sql server service, freeradius starts to use the second
sql server, as expected.
But if I
Guillaume Rousse wrote:
What's wrong with just looking recursively for the name under which the
module has been instanciated in the authorization section, without
interpreting fail-over behaviour at all ?
Because it may be listed under multiple Auth-Type sections. This is
something
instanciated in the authorization section, without
interpreting fail-over behaviour at all ?
The problem is a common one in computer science: write a program that
understands what another program is doing. This problem is generally
known to be impossible.
Here the communication occurs between the main
the authorisation phase. However, whatever
its value, it's automatically disabled when launching radius at startup:
Tue Apr 29 14:07:17 2008 : Debug: rlm_ldap: Over-riding set_auth_type,
as we're not listed in the authenticate section.
Here is my autenticate section, using two ldap modules in fail-over
in fail-over:
authenticate {
Auth-Type LDAP {
redundant {
ldap1
ldap2
ldap1 != LDAP.
handled
}
}
}
If I drop failover, everything work as expected. Should I report
.
I guess you mean 'not aware'
Here is my autenticate section, using two ldap modules in fail-over:
authenticate {
Auth-Type LDAP {
redundant {
ldap1
ldap2
ldap1 != LDAP.
Right, but that seems to be only a syntax
Guillaume Rousse wrote:
It does. But clarification between what's old and what's new syntax
doesn't harm.
The new syntax is documented, and is preferred. If you try the old
one (undocumented and deprecated), it works. What needs clarification?
Right, but that seems to be only a syntax
Alan DeKok a écrit :
Guillaume Rousse wrote:
It does. But clarification between what's old and what's new syntax
doesn't harm.
The new syntax is documented, and is preferred. If you try the old
one (undocumented and deprecated), it works. What needs clarification?
It is not documented
Guillaume Rousse wrote:
It is not documented in the rlm_ldap file shipped in top-level directory
(at least for release 2.0.0). The fact that there is a huge redundancy
between this file and comments in default configuration files doesn't
help maintaining a reference documentation.
The
gives an
error:
/usr/local/etc/raddb/proxy.conf[87]: Unknown home_server local_IAS.
Yes. The home_server is not a home_server_pool.
Anyone any ideas how to mix round-robin servers with fail-over?
Edit the source code.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
)
if the other two were not available.
I have configured the proxy.conf 'home_server_pool's as:
home_server_pool local_IAS {
type = client-port-balance
home_server = svr-1
home_server = svr-2
}
home_server_pool local_proxies {
type = fail-over
Hello,
I Just move from OpenRadius to Freeradius and I couldn't find any
place to tell the accounting module to write the sql insert command
into a file if the MySQL server is not available.
I found a way to do it on the detail file, but not on a file to leave
all the INSERT querys for later
Wilmar Campos wrote:
Hello,
I Just move from OpenRadius to Freeradius and I couldn't find any
place to tell the accounting module to write the sql insert command
into a file if the MySQL server is not available.
rlm_sql_log. It's another module, rather than being part of rlm_sql,
but it
Can you please give me an example how to use it?
Thanks,
WIlmar
On 11/30/06, Alan DeKok [EMAIL PROTECTED] wrote:
Wilmar Campos wrote:
Hello,
I Just move from OpenRadius to Freeradius and I couldn't find any
place to tell the accounting module to write the sql insert command
into a file if
Wilmar Campos wrote:
Can you please give me an example how to use it?
It has documentation, and comments in it's configuration, I believe.
Do you have specific questions?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The
I Already found the documentation, thank you very much.
Wilmar
On 11/30/06, Alan DeKok [EMAIL PROTECTED] wrote:
Wilmar Campos wrote:
Can you please give me an example how to use it?
It has documentation, and comments in it's configuration, I believe.
Do you have specific questions?
I've tried to let the sql {} but it said rlm_sql_sql is not a valid sql
driver or something like that.
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Alan
DeKok
Envoyé : lundi 20 septembre 2004 21:11
À : [EMAIL PROTECTED]
Objet : Re: RE : Fail over
I 'm trying to setup Freeradius with 2 sql servers for a failover.
In the radiusd.conf
In the authorize section I have
redundant{
sql
sql2
}
Then I start it I get
Mon Sep 20 08:37:16 2004 : Info: rlm_sql (sql): Attempting to connect to
[EMAIL
Cris Boisvert [EMAIL PROTECTED] wrote:
In the radiusd.conf
In the authorize section I have
redundant{
sql
sql2
}
Ok...
Mon Sep 20 08:37:16 2004 : Error: radiusd.conf[14] Failed linking to
rlm_sql2 structure in radiusd.conf: /usr/lib/rlm_sql2.so:
PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Alan
DeKok
Envoyé : lundi 20 septembre 2004 16:23
À : [EMAIL PROTECTED]
Objet : Re: Fail over mysql backend
Cris Boisvert [EMAIL PROTECTED] wrote:
In the radiusd.conf
In the authorize section I have
redundant{
sql
EROS [EMAIL PROTECTED] wrote:
If you need redondant your sql1 and sql2 .conf must be :
...
You should remove the sql { }
Tis is what i've must done to make this working
I *really* don't recommend doing that. If it works, it's an
accident, and the server is NOT intended to work that way.
hi list,
i'm trying to do configurable fail-over on the accounting section using
sql:
modules {
sql cdr1 {
server = x.x.x.x
radiusdb = cdr
blah blah
}
sql cdr2 {
server = y.y.y.y
radiusdb
Thanks for your reply. Alan.
You showed the follow process.
1.Checking users file
If the User-Name is not found, go to Checking SQL(Mysql) DataBase.
Check the Calling-Station-Id.
if the Calling-Station-Id is correct, continue to authenticate
if the
, there
is no chance to change that.
regards arne
PS.: Feel free to tell me about any bug in these scripts :)
I would also appriciate any enhancements :)
Message: 1
Date: Thu, 27 May 2004 18:28:14 +0200
To: [EMAIL PROTECTED]
From: Juan [EMAIL PROTECTED]
Subject: Fail-Over
Reply
On Mon, 31 May 2004, Alan DeKok wrote:
Juan [EMAIL PROTECTED] wrote:
i have read configurable_failover for three times but i can not do
that freeradius failover with ippool. I have two pools that i want
to use then for all my users. I need that freradius start to asign
IPs from the
baffy200y [EMAIL PROTECTED] wrote:
1.Checking users file
If the User-Name is found,check the User-Password.
The server can't do that. The authorize section doesn't do any
authentication.
I would re-write your request as:
1.Checking users file
If the User-Name is not found, go to
Juan [EMAIL PROTECTED] wrote:
i have read configurable_failover for three times but i can not do
that freeradius failover with ippool. I have two pools that i want
to use then for all my users. I need that freradius start to asign
IPs from the second Pool whe the first is full. I do not known
Hi,all.
(B
(BI want to set up freeradius which use users file and sql database for
(Buser authenticating.
(B
(BBut I can not set up well.
(BCan I set up freeradius as follow?
(B
(B
(B1.Checking users file
(B If the User-Name is found,check the User-Password.
(B if the User-Password
Hello,
i have read configurable_failover for three times
but i
can not do that freeradius failover with ippool. I
have
two pools that i want to use then for all my
users. I
need that freradius start to asign IPs from the
second
Pool whe the first is full. I do not known what i
must
read to
in configuring the proxy servers for fail over.
Please find the proxy configuration I have done in the primary and
secondary radius servers.
Primary Server (proxy.conf)
realm DEFAULT{
type = radius
authhost = wifi-test3.adventnet.com:1812
accthost = wifi-test3
vasus.adventnet.com port 0 cli 31)
Thu Apr 8 12:34:28 2004 : Debug: Delaying request 0 for 1 seconds
Thanks,
Vasudevan.S
Hi,
Can anyone help me in configuring the proxy servers for fail over.
Please find the proxy configuration I have done in the primary and
secondary radius servers.
Primary Server
Dear All,
Is there any document to configure failover using free radius
installation if distributed setups (diff networks). If there is one
please point to the doc.
Thanks,
Vasudevan.S
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
71 matches
Mail list logo