(RADIATOR) Secure reliable Radius? Now available for beta testing.
Ray Van Dolson
rayvd at corp.digitalpath.net
Fri Feb 11 11:03:12 CST 2005
Dave, definitely agree. The problem is that the Radius Client's on our NAS'es
do not "speak" the new Radiator TCP/secure TCP protocol to directly talk to
the central Radiator.
(we're using radiusclient which comes with Samba's pppd 2.4.3 project).
Hoping to get funds approved to contract someone at Radiator to add this
functionality to the radius client... :-)
Ray
On Fri, Feb 11, 2005 at 09:40:50AM -0500, Dave Kitabjian wrote:
>
>
> > -----Original Message-----
> > From: Ray Van Dolson [mailto:rayvd at corp.digitalpath.net]
> > Sent: Wednesday, February 09, 2005 2:08 PM
> > To: Mike McCauley
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) Secure reliable Radius? Now available for beta
> > testing.
> >
> > So probably the best scenario for this would to have a Radiator server
> in
> > each
> > of our remote "locations" running in normal UDP mode since the NAS's
> > obviously
> > don't support your protocol. Then the Radiator server would proxy the
> > requests onward to the central one via TCP ... correct?
>
> [dhk] If you do it that way, you've introduced a single point of
> failure, which is the "central one". If you're going to do that, you
> might as well just get rid of the "satellite" Radiators and go straight
> from the NASes to the "central one". That will also speed things up a
> little.
>
> A better design would be to distribute or replicate your user database
> to each satellite from a central source. Then if the central source (or
> the links to the central source) go down, authentication is still live.
>
> Dave
>
--
Ray Van Dolson
Linux/Unix Systems Administrator
DigitalPath Networks
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list