FreeRadius replication

itbit

Hi,

I have two Pfsenses boxes running freeradius but I would like to make one of them replicate the users information from the other one.

I tried setting up a script to copy the users file via shh

scp root@myradius.mydomain.com:/usr/local/etc/raddb/users /usr/local/etc/raddb/users

and then restarting the radiusd service but it does not seems to be working

If i go to the GUI no users show up and if I add one the whole users file gets re-written and will only include the user that I just added via the GUI

has anyone run into this issue before? is there better way to set the replication?

Nachtfalke

Hi,

I think there are different files for the GUI and the real "users" file of freeRADIUS.
I think you can sync the users files of both freeRADIUS and it will work but it will not show up in the GUI.
And like you said - after doing any changes on the freeRADIUS GUI all changes you did before will get lost.

I think you'll have to find the file which is responsible for the freeRADIUS GUI and sync this file, too.

If you found any solution, please let me know!

itbit

I Think I got it….
but I'm still testing

the easiest way seems to be to be to update /cf/conf/config.xml

and the run
./etc/rc.filter_configure
./etc/rc.packages

it seems that if you do other changes to the config.xml file
you should also run
./etc/rc.filter_configure_xmlrpc

for those changes to take effect.

hopefully this information helps other people.

Nachtfalke

Hi,

is this working for you, now ?

How do you only update the freeradius content of the config.xml file ?
Or did you found another solution ?

Thanks for your feedback.

marcelloc

Look at any .inc file from packages that sync conf between pfSense boxes and you will see that it's not So hard.

Then create an php script to do it for you.

Nachtfalke

@marcelloc:

Look at any .inc file from packages that sync conf between pfSense boxes and you will see that it's not So hard.

Then create an php script to do it for you.

Can you tell me one or two packages which are doing that ?
My both pfsense machines are NOT running in CARP mode - so is it than still possible to sync the packages ?

marcelloc

Varnish, postifix, haproxy.

You do not need carp enabled to use it.