[geeks] LDAP/FreeRadius.

Dan Debertin geeks at sunhelp.org
Wed May 30 10:40:15 CDT 2001


Tim,
	I know from being on the freeradius-{devel,users} lists for a while
that several people are using freeradius+LDAP in production environments.
So it evidently works well, although I, like most people, cannot use code
in production that the authors label alpha or beta, just as a matter of
policy.

	If you're doing auth out of mysql, I would guess that you're using
ICRADIUS, freeradius, or cistron+mysql-patches, right? You can get a
tolerable amount of redundancy by running local slaves on your RADIUS
servers, replicating a master server. Make all of your changes to the
master (i.e., point your administrative applications at it), and they will
be sucked over to the slaves quite quickly.

	You can't insert data into the slave databases, though, so you
would have to tell your RADIUS servers to connect directly to the master
to insert accounting data. I posted a little patch to icradius-list that
makes the daemon not die if the accounting database server goes away --
you lose data, but at least there's no interruption of service.

I'll be switching to freeradius not long after it goes stable, but this
configuration has proven pretty stable; we can shut down mysqld on the
master server and not see any problems.


Dan
--
Dan Debertin
airboss at nodewarrior.org
www.nodewarrior.org
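
The layout described in the message above, as an added example that is not part of the original post and not ICRADIUS or freeradius code: authentication reads come from a local slave copy, accounting inserts go to the master, and a master outage drops the accounting record without stopping authentication. The schema, class and function names are assumptions, and in-memory SQLite stands in for MySQL so the sketch runs offline.

```python
import hmac
import sqlite3

SCHEMA = """CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
CREATE TABLE acct (username TEXT, session_id TEXT, octets INTEGER);"""  # constructed schema

class RadiusBackend:
    """Auth reads hit the local slave; accounting inserts go to the master."""

    def __init__(self, slave, connect_master):
        self.slave = slave                    # local read-only copy
        self.connect_master = connect_master  # callable; raises if master is down
        self.dropped = 0                      # accounting records lost to outages

    def authenticate(self, username, password):
        row = self.slave.execute(
            "SELECT password FROM users WHERE username = ?", (username,)).fetchone()
        return row is not None and hmac.compare_digest(
            row[0].encode(), password.encode())

    def account(self, username, session_id, octets):
        try:
            master = self.connect_master()
            master.execute("INSERT INTO acct VALUES (?, ?, ?)",
                           (username, session_id, octets))
            master.commit()
            return True
        except (sqlite3.Error, OSError):
            self.dropped += 1   # record is lost, but auth keeps being served
            return False

def demo():
    slave = sqlite3.connect(":memory:")
    slave.executescript(SCHEMA)
    slave.execute("INSERT INTO users VALUES ('alice', 's3cret')")  # constructed user
    master = sqlite3.connect(":memory:")
    master.executescript(SCHEMA)
    state = {"up": True}
    def connect_master():
        if not state["up"]:
            raise ConnectionRefusedError("master database is down")
        return master
    radius = RadiusBackend(slave, connect_master)
    first = radius.account("alice", "sess-1", 1024)
    state["up"] = False                       # simulate shutting down the master
    second = radius.account("alice", "sess-2", 2048)
    auth_ok = radius.authenticate("alice", "s3cret")
    stored = master.execute("SELECT COUNT(*) FROM acct").fetchone()[0]
    return first, second, auth_ok, radius.dropped, stored
```

The `dropped` counter is the part worth exporting to monitoring: accounting records are the session audit trail, so each increment marks a gap in it.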








