[RADIATOR] Proxy Radius server configuration for fail over

Heikki Vatiainen hvn at open.com.au
Tue Jan 6 06:30:35 CST 2015


On 01/05/2015 04:28 PM, Itzik Ben Itzhak wrote:

> I would like to configure two Radius servers for a roaming partner (proxy)
> as a handler,
> 
> can I configure it like the below? Just adding another host as the second
> server? Should I change some parameters at the first one?

You should define FailureBackoffTime for the first Host. The default is
0 which means the host is never considered as failed. This is usually
fine when there is only one host but since you have two, you should set
it to a non-zero value so that the failover can happen. Please see the
reference manual for details.

The correct value depends on your environment, for example, if a failure
happens how long the host is usually down (if this is known).

  MaxFailedRequests 1
  Retries 3
  RetryTimeout 5

The above means that when a request is sent, response is waited for 5
seconds. When there is no response, 3 retries with 5 second timeout are
sent. If there was no response, 1 request has failed and the next Host
is tried. In other words, it will take 20 seconds to find out if the
request can not be sent through the current Host and the next Host is
chosen. The current Host will then be ignored for forwarding for
FailureBackoffTime seconds.

I hope the above helps in understanding the parameters and in setting
them correctly to match your environment. Please check the reference
manual too.

Thanks,
Heikki

> Thank you
> 
> <Handler User-Name=/^boingo\//>
> 	AuthByPolicy ContinueWhileIgnore
> 	LogRejectLevel 3
> 
> 	<AuthBy RADIUS>
> 		AcctPort 1813
> 		AuthPort 1812
> 		CacheOnNoReply 1
> 		CachePasswordExpiry 86400
> 		EAPAnonymous anonymous
> 		EAPContextTimeout 1000
> 		EAPFAST_PAC_Lifetime 7776000
> 		EAPFAST_PAC_Reprovision 2592000
> 		EAPTLS_MaxFragmentSize 2048
> 		EAPTLS_PEAPVersion 0
> 		EAPTLS_SessionResumption 1
> 		EAPTLS_SessionResumptionLimit 43200
> 		EAPTLS_VerifyDepth 1
> 		KeepaliveTimeout 0
> 		LocalAddress 0.0.0.0
> 		MaxFailedGraceTime 0
> 		MaxFailedRequests 1
> 		OutPort 0
> 		PasswordPrompt password
> 		Retries 3
> 		RetryTimeout 5
> 		SIPDigestRealm DefaultSipRealm
> 		Secret tom!jerry#
> 
> 		<Host 54.77.144.149>
> 			AcctPort 1813
> 			AuthPort 1812
> 			BogoMips 1
> 			KeepaliveTimeout 0
> 			LocalAddress 0.0.0.0
> 			MaxFailedGraceTime 0
> 			MaxFailedRequests 1
> 			OutPort 0
> 			Retries 3
> 			RetryTimeout 5
> 			Secret somesecret
> 		</Host>
> 
> 
> 		<Host 54.164.51.1>
> 			AcctPort 1813
> 			AuthPort 1812
> 			BogoMips 1
> 			KeepaliveTimeout 0
> 			LocalAddress 0.0.0.0
> 			MaxFailedGraceTime 0
> 			MaxFailedRequests 1
> 			OutPort 0
> 			Retries 3
> 			RetryTimeout 5
> 			Secret somesecret
> 		</Host>
> 	</AuthBy>
> </Handler>
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
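
A simplified timing model of the failover behaviour described in the reply above, as an added example that is not part of the original message and is not Radiator's own code. The names `Host`, `forward` and `simulate` are hypothetical; the model assumes requests are handled one at a time, the first Host is down, MaxFailedGraceTime is ignored, and with FailureBackoffTime 0 every new request still starts at the first Host.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    up: bool
    retries: int = 3              # Retries
    retry_timeout: int = 5        # RetryTimeout, in seconds
    max_failed_requests: int = 1  # MaxFailedRequests
    failure_backoff: int = 0      # FailureBackoffTime; 0 = never marked failed
    failed_count: int = 0
    failed_until: int = 0         # host is skipped while now < failed_until

    def detection_time(self) -> int:
        # One initial send plus `retries` resends, each waited retry_timeout.
        return (1 + self.retries) * self.retry_timeout

def forward(hosts, now):
    """Return (name of answering host or None, seconds the request waited)."""
    waited = 0
    for h in hosts:
        if now + waited < h.failed_until:
            continue              # still in backoff: do not even try this host
        if h.up:
            h.failed_count = 0
            return h.name, waited
        waited += h.detection_time()
        h.failed_count += 1
        if h.failure_backoff > 0 and h.failed_count >= h.max_failed_requests:
            h.failed_until = now + waited + h.failure_backoff
            h.failed_count = 0
    return None, waited

def simulate(backoff, arrivals):
    """Primary is down, secondary is up; only the primary's backoff varies."""
    hosts = [Host("primary", up=False, failure_backoff=backoff),
             Host("secondary", up=True)]
    return [forward(hosts, t) for t in arrivals]

if __name__ == "__main__":
    arrivals = [0, 30, 60, 120]   # constructed request arrival times, seconds
    for backoff in (0, 60):
        print("FailureBackoffTime", backoff, simulate(backoff, arrivals))
```

With a backoff of 0 every request pays the full 20 seconds before reaching the second Host; with a backoff of 60 only the request that detects the failure, and the first one after the backoff expires, pay it.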

