How To Setup A Backup Radius Manager Install
Radius Manager is a product from DMA Softlabs that acts as a RADIUS authentication system for your wireless or hotspot clients. I personally use it for my hotspot clients in MikroTik.
The point of this article is to show you how to add some redundancy to your configuration. The software is licensed via a MAC address on one of your server’s NICs. I think the software is great for the price, so I would never advocate a method to circumvent licensing. What I’m showing you how to do is simply set up a backup box for authentication, not administration. When you duplicate the server as shown below the web GUI is no longer available…the box is only good for authentication; it will keep your clients working while you get the main box going again.
Step one is to have a valid, licensed, working build.
I, like most of you, installed my server on VMware as a virtual guest. Duplicate your guest VM and move it to another VMware host. The easiest way to do this is to browse your datastore, highlight the files, copy them, then create a new folder on the target VMware host, and paste the files.
Start your newly duplicated VM and tell the system you copied it.
Edit your interface configuration in the server and give it a new IP address.
Edit the system hostname:
/etc/sysconfig/network: Set hostname= to your new hostname.
/etc/hosts: Set your hostname correctly to the new IP.
Use the hostname command from the CLI to set your new hostname:

    hostname my.new.hostname

Edit the raddb client file to allow all clients to connect. When you use Radius Manager and add a new NAS, it manually updates the raddb client file, then restarts the radiusd service. Since Radius Manager isn’t running on your duplicated server, you either need to manually update the config file with each NAS update or put a catch-all client in the list.
/usr/local/etc/raddb/clients.conf

    client 0.0.0.0/0 {
        secret = SharedBackupPassword
        shortname = BackupClients
    }

Now that this is done, clients can technically authenticate off of this box…once you add additional RADIUS servers to your hotspot, that is. One thing…there is no replication between the master RADIUS box and this backup, so everything is stale. Let’s fix that!
First allow TCP 3306 in the input chain firewall on both of your servers.
Configure MySQL replication:
On the master server:
Edit /etc/my.cnf and add the following to the [mysqld] section:

    log-bin=mysql-bin
    server-id=1

Restart the mysql service:

    service mysqld restart

Create a replication user from the mysql CLI:

    CREATE USER 'replication'@'%.mydomain.com' IDENTIFIED BY 'slavepass';
    GRANT REPLICATION SLAVE ON *.* TO 'replication'@'%.mydomain.com';

From the mysql CLI issue “SHOW MASTER STATUS;” and record the “file” and “position”.
On the slave server:
Edit /etc/my.cnf and add the following to the [mysqld] section:

    server-id=2

From the mysql CLI issue:

    CHANGE MASTER TO
        MASTER_HOST='master_host_name',
        MASTER_USER='replication_user_name',
        MASTER_PASSWORD='replication_password',
        MASTER_LOG_FILE='recorded_log_file_name',
        MASTER_LOG_POS=recorded_log_position;

From the same CLI issue:

    START SLAVE;

You can verify replication status via the CLI with:

    show slave status\G

The easiest thing to do now is to reboot your secondary server.
Any changes you make to Radius Manager on the primary box should automatically replicate to our new backup box. If for some reason your primary box fails, clients can still authenticate off of your secondary box until you can stand the primary back up.
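The backup box only answers correctly while both replication threads are running, so the output of show slave status\G is worth checking on a schedule rather than once. The script below is an added example, not part of the original article or of Radius Manager; the function names, the 60-second lag limit and the sample status text are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: judge replica health from the text of SHOW SLAVE STATUS\G.
# Live use (assumes mysql credentials in ~/.my.cnf):
#   check_replication "$(mysql -e 'SHOW SLAVE STATUS\G')" 60

# Print the value of one "Field: value" line from the status text.
slave_field() {   # $1 = field name, $2 = status text
    printf '%s\n' "$2" | awk -F': ' -v k="$1" '
        { name = $1; sub(/^[ \t]+/, "", name) }
        name == k { sub(/^[^:]*: ?/, ""); print; exit }'
}

# Print OK / STALE / BROKEN and return 0 / 1 / 2.
check_replication() {   # $1 = status text, $2 = max lag in seconds (default 60)
    cr_io=$(slave_field Slave_IO_Running "$1")
    cr_sql=$(slave_field Slave_SQL_Running "$1")
    cr_lag=$(slave_field Seconds_Behind_Master "$1")
    cr_max=${2:-60}
    if [ -z "$cr_io" ] && [ -z "$cr_sql" ]; then
        echo "BROKEN: replication is not configured"; return 2
    fi
    if [ "$cr_io" != "Yes" ] || [ "$cr_sql" != "Yes" ]; then
        echo "BROKEN: IO=$cr_io SQL=$cr_sql error=$(slave_field Last_Error "$1")"
        return 2
    fi
    case "$cr_lag" in   # NULL means the lag cannot be measured
        ''|*[!0-9]*) echo "STALE: lag unknown ($cr_lag)"; return 1 ;;
    esac
    if [ "$cr_lag" -gt "$cr_max" ]; then
        echo "STALE: ${cr_lag}s behind master (limit ${cr_max}s)"; return 1
    fi
    echo "OK: both threads running, ${cr_lag}s behind master"
}

# Constructed sample output (not captured from a real server).
SAMPLE_OK='*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Error:
        Seconds_Behind_Master: 0'
SAMPLE_BROKEN='*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Duplicate entry (constructed message)
        Seconds_Behind_Master: NULL'

check_replication "$SAMPLE_OK" 60
check_replication "$SAMPLE_BROKEN" 60 || true
```

A non-zero return from the check means the backup may still be authenticating accounts that were changed or disabled on the primary after replication stopped.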
Thanks and happy routing guys.
This is the internet, of course, so I have to point out another way of copying it. I would just use the clone feature within vCenter.
@Mike
True enough, but if you can afford vCenter, you can probably afford another $150 to get a second license on the server so you can admin from the backup unit also…hehehe