FreeRadius replication
-
Hi,
I have two Pfsenses boxes running freeradius but I would like to make one of them replicate the users information from the other one.
I tried setting up a script to copy the users file via shh
scp root@myradius.mydomain.com:/usr/local/etc/raddb/users /usr/local/etc/raddb/users
and then restarting the radiusd service but it does not seems to be working
If i go to the GUI no users show up and if I add one the whole users file gets re-written and will only include the user that I just added via the GUI
has anyone run into this issue before? is there better way to set the replication?
-
Hi,
I think there are different files for the GUI and the real "users" file of freeRADIUS.
I think you can sync the users files of both freeRADIUS and it will work but it will not show up in the GUI.
And like you said - after doing any changes on the freeRADIUS GUI all changes you did before will get lost.I think you'll have to find the file which is responsible for the freeRADIUS GUI and sync this file, too.
If you found any solution, please let me know!
-
I Think I got it….
but I'm still testingthe easiest way seems to be to be to update /cf/conf/config.xml
and the run
./etc/rc.filter_configure
./etc/rc.packagesit seems that if you do other changes to the config.xml file
you should also run
./etc/rc.filter_configure_xmlrpcfor those changes to take effect.
hopefully this information helps other people.
-
Hi,
is this working for you, now ?
How do you only update the freeradius content of the config.xml file ?
Or did you found another solution ?Thanks for your feedback.
-
Look at any .inc file from packages that sync conf between pfSense boxes and you will see that it's not So hard.
Then create an php script to do it for you.
-
Look at any .inc file from packages that sync conf between pfSense boxes and you will see that it's not So hard.
Then create an php script to do it for you.
Can you tell me one or two packages which are doing that ?
My both pfsense machines are NOT running in CARP mode - so is it than still possible to sync the packages ? -
Varnish, postifix, haproxy.
You do not need carp enabled to use it.
