
Freeradius & DHCP Failover


12:03:00 am, by The Dreamer, 1362 words
Categories: Software, Computer, Networking, WiFi, Ubuntu


Link: http://deployingradius.com/

During this work, the Airport Extreme listed options for two RADIUS servers. In one of the examples (for a different router), it said if you only have one RADIUS server...put its IP in for both. Well, I do have two Ubuntu servers...so it shouldn't be that hard to install it on the other server, 'Orac', as well. And, sync over the configs and give me redundancy. I was already sync'ng over my dhcp3-server configs there with the plan that someday I would have failover DHCP going. I had previously tried, but the servers were of different releases of Ubuntu...and therefore different versions of dhcp3-server, which meant it wouldn't work. So, I had commented things out. Plus I needed to reorganize the files so that dhcpd.conf would stay on each server, and the common part is sync'd between the two.

So, I cheated...a while back, I had peeked at that failover DHCP configuration at work and saw that it was a dhcpd.conf file on each server and it 'include's another file (which then includes much more...). So, I knew that I would eventually be doing something like this, so when I added the rsync for freeRADIUS...I updated the rsync of a different file than dhcpd.conf. For lack of a better name, I went with master.conf. Initially it was just a copy of my current dhcpd.conf, but dhcp3-server wasn't installed on 'Orac' yet...so the other pieces would wait.

I added a Makefile to /etc/freeradius to restart freeradius if either clients.conf or users got newer. freeradius could take HUP to see configuration changes, while dhcp3-server takes a restart and that's what the Makefile I was working on was originally for.

So, having updated the rsync process and the Makefiles....I decided that I should really get dhcp failover going, before turning back to getting freeRADIUS working.

So, I created a new dhcpd.conf on 'box' and fired it up. Made some tweaks as it complained, and it seemed good. I do have a small DHCP range, but it's a guest jail. Everything that matters is reserved. Well, at work, those 'host's are part of the 'subnet' declaration...with 'pool' at the top. But, when I restarted dhcp3-server on 'box', it warned me that the 'host' entries were global. Does that mean it doesn't really care in a failover situation? I had wondered if I really needed all this, but it wasn't clear from what I had found online whether more than one dhcp server on the same network would get along even if there were no dynamic hosts. And, I'm still not really sure.

I then installed dhcp3-server on 'Orac', replaced the default dhcpd.conf with my secondary version of dhcpd.conf and had it include master.conf. It had tried to start, but failed, on install....had to tweak /etc/default/dhcp3-server....

And, then I tried to start it. It warned about "No subnet declaration for eth0 (" during the first start, and that it was "** Ignoring requests on eth0...." And, that it was "Not configured to listen on any interfaces!" Probably not what I wanted, eh? But, after a pause, it continued its startup....which included getting from my other DHCP server, the dhcpd.leases information. I looked at the configs, there's only one subnet defined..and it's my entire network. So, it should've worked. I restarted dhcp3-server and this time no message and all is happy. I guess it needed to talk to the "failover peer" for the subnet before the subnet definition would be valid....
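The layout described above (a dhcpd.conf that stays on each server and includes a shared, rsync'd master.conf), shown as an added example in ISC dhcpd syntax; it is not the author's configuration. The peer name, all addresses, the MAC, the host name and the /etc/dhcp3 path are constructed placeholders.

```conf
# --- dhcpd.conf on 'box' (primary); stays local, never rsync'd ---
failover peer "lhaven" {            # peer name is made up for this example
    primary;
    address 192.0.2.2;              # constructed address for 'box'
    port 647;
    peer address 192.0.2.3;         # constructed address for 'Orac'
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
    mclt 3600;                      # set on the primary only
    split 128;                      # primary only: even split of the pool
}
include "/etc/dhcp3/master.conf";   # assumed location of the shared file

# --- dhcpd.conf on 'Orac' (secondary); stays local, never rsync'd ---
failover peer "lhaven" {
    secondary;
    address 192.0.2.3;
    port 647;
    peer address 192.0.2.2;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    load balance max seconds 3;
}
include "/etc/dhcp3/master.conf";

# --- master.conf (identical on both servers, kept in sync with rsync) ---
default-lease-time 86400;           # 24 hours, as in the post
max-lease-time 604800;              # 7 days, as in the post
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
        failover peer "lhaven";     # only this dynamic range is balanced
        range 192.0.2.200 192.0.2.220;
    }
}
# Reservations are global wherever they are written. Fixed addresses are not
# tracked by failover; either server answers for them from its own config.
host example-reserved {
    hardware ethernet 00:00:5e:00:53:10;   # documentation-range MAC
    fixed-address 192.0.2.10;
}
```

Because the reservations are served from the synced file rather than from failover state, a stale master.conf on one server means the two can hand out different answers for the same host, so the rsync step matters more than the failover link for reserved clients.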

Later I saw that it was answering DHCPREQUESTs just as 'box' was...and things seemed to continue to work fine, and it would periodically rebalance the dynamic pool. I didn't realize how chatty some of my DHCP devices were. Namely my Nintendo 3DS. Doesn't seem to matter that default lease time is 24 hours, and max lease time is 7 days. I used to have both set to 2 weeks, but had lowered it because I thought some other device was having issues with long lease times. While, it's the ReplayTV that didn't like short lease times...but there's only one in operation now...and I haven't touched it in months. It just records stuff, and people request shows from it...and I send them. No idea if the recording was good or not, though people usually tell me. I pretty much have no interest in watching SD if my TiVo fails to get something I want in HD. I'll go and seek out other sources first (Amazon Ondemand, NetFlix streaming, Amazon Prime Instant Video, Apple iTunes....) And, even if I do have to resort to SD...I don't watch it from my ReplayTV anymore....I'll opt for the extra work of transcoding it and sending it to a TiVo.

At one time, Cox had announced that they were going to bring ondemand to TiVo Premiere owners. I wonder what ever happened to that? :hmm:
