[RADIATOR] Multiple radiator instances on single server?

Andrew Clark adc at umn.edu
Mon Oct 11 17:46:54 CDT 2010 

Great suggestion, Dave,

I just used that idea to finally get my authentication/accounting
split done in short order w/o disruption.  If you happen to run
TACACS+ as well, a run-time GlobalVar can come in handy, like so:

<ServerTACACSPLUS>
        # defined with GlobalVar at startup
        # see the radiator-auth and/or radiator-acct init scripts
        Port %{GlobalVar:tacacsport}

blah blah blah....
</Server>

and fire up the authentication process like so (which also handles all TACACS+)

/usr/bin/perl /usr/bin/radiusd -pid_file
/var/log/radius/radiusd-auth.pid -foreground -conf
/etc/radiator/radius.cfg -acct_port tacacsport=49

and the accounting process like so

/usr/bin/radiusd -pid_file /var/log/radius/radiusd-acct.pid
-foreground -conf /etc/radiator/radius.cfg -auth_port tacacsport=

Note that it seems you can't override a GlobalVar that is defined in
the configuration at startup like you can with auth_port or acct_port.

Of course, a separate TACACS+ process and configuration would probably
make more sense, if your RADIUS and TACACS+ worlds aren't horribly
entangled like mine.  At least this keeps silly accounting relay and
database issues from impacting authentication and buys me more time to
clean things up!

I should do a nicer write-up for the "goodies" directory.

-- 
Andrew D. Clark
Network Operations Engineer
University of Minnesota, Networking/Telecom Services
2218 University Ave SE
Minneapolis, MN 55414-3029
Phone: 612-626-4880

On Mon, Oct 11, 2010 at 1:37 PM, Dave Kitabjian <dave at netcarrier.com> wrote:
> fyi,
>
> You can also run separate instances with all pointing to a common config
> file, if that's simpler. That works if you can "override" everything
> instance-specific by using different command line arguments.
>
> A single config file can be easier to manage if they will otherwise
> duplicate a lot of the same configuration details, hooks, etc.
>
> Dave
>
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
> On Behalf Of Gregory Fuller
> Sent: Thursday, October 07, 2010 10:42 AM
> To: radiator at open.com.au
> Subject: [RADIATOR] Multiple radiator instances on single server?
>
> I'd like to go through and separate out my authentication, accounting,
> and tacacsplus radiator configurations each into its own separate
> radiator instance on the same server.  One radiator process would run
> just the radius authentication, one process for radius accounting, and
> one process for all tacacsplus auth/accounting.  I'm running Radiator
> 4.5 under CentOS 5.4.
>
> I know I can start another process from the commad line and pass my
> different config files into it without any problems.  Within the
> config files I have separated out the different parts of the config
> for each operation and made sure only the port #'s I want to listen on
> are listed in the configs.
>
> How are most places handling the running of multiple radiator
> instances on the same server using the standard RedHat/CentOS
> "services" functionalty?  Did you copy and rename /etc/init.d/radiator
> for each one of the services and modify each service script to load
> different config files on startup?
>
> Just trying to figure out the best way to manage this.  I'd like to be
> able to do something like the following:
>
> For radius authentication:      service radiator start
> For radius accounting:  service radiator-acct start
> For tacacs auth/accounting:     service radiator-tacacs start
>
> Any sample RedHat/CentOS service config files for doing this would be
> appreciated also.  Thanks!
>
> --greg
>
>
> Gregory A. Fuller - CCNA
> Network Manager
> State University of New York at Oswego
> Phone: (315) 312-5750
> http://www.oswego.edu/~gfuller
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>

More information about the radiator mailing list