Radius w/ MySQL?
nightrav asks: "I'm one of the systems administrators at a small ISP (about 20k customers) and we're currently looking at moving to a different Radius solution. Currently we are using Merit with LDAP, which is proving to be extremely slow and causes a great deal of authentication issues if a Total Control chassis reboots or experiences some other problem that causes it to dump its users. We would like to use some sort of Radius/MySQL solution for authentication and accounting and were wondering what solutions the Slashdot community would recommend."
Radiator. (Score:2, Informative)
Re:Radiator (totally rocks). (Score:2)
Open: FreeRADIUS Closed: Steelbelted RADIUS (Score:3, Informative)
http://www.freeradius.org
Wanna Pay? Steelbelted RADIUS
http://www.funksoftware.com
Re:Open: FreeRADIUS Closed: Steelbelted RADIUS (Score:2, Informative)
http://www.gnu.org/software/radius/radius.html
Re:Open: FreeRADIUS Closed: Steelbelted RADIUS (Score:1)
We just tested a steel-belted radius (funk(r)) working with Iplanet (Sun(r)), and got about 600 processed radius requests per second, which is largely enough for you.
I'm not disclosing the full study here (wanna keep my job, guys), but since radius is mainly network/cpu intensive, and because any Database is throughput intensive, it makes sense to split them over two boxes and to tune those boxes differently.
Which raises a question: what LDAP implementation are you using?
Another point: why use a stacking of DBs, like [Whatever]LDAP over [Whatever]SQL? It is just a waste of resources, because an LDAP schema is not made to fit into a relational database.
Stick to Radius/Ldap, and test your prototype performance. Here are free test scripts [freeradius.org], though I do not know if they will work with your choice of radius.
Commercial & OSS Radius (Score:3, Informative)
or
http://www.gnu.org/software/radius/radius.html
or
http://www.freeradius.org/
LDAP is awful (Score:2, Insightful)
When it comes to performance, LDAP is a bad protocol, and OpenLDAP is an even worse implementation.
LDAP + ODBC + MySQL (Score:2)
If you're using OpenLDAP, you can rebuild it with ODBC support and run it on top of MySQL. I've tried running it with PostgreSQL, but have had no luck with it yet. The configure flag for this is --enable-sql.
HTH.
FreeRadius plus OpenLDAP or PostgreSQL (Score:4, Informative)
Postgres can also be used to store both auth and accounting info from FreeRadius and has the ability to live in a cluster for reliability purposes. I know they're also working on scalability clusters, but I don't know how far along it is.
Having your user auth info in OpenLDAP will prolly get that info out faster than Postgres, but it can only be used to store auth info. It will most likely be easier to store all the data in Postgres.
Don't use MySQL if you want scalability, speed and robustness all in one package. Postgres has got much better features when it comes to this, it also has native data-types for ip addresses and such.
OpenLDAP might make your migration easier, with any new data you want to store going to Postgres.
I'd recommend thoroughly testing these setups first. Especially the clustering.
Cistron Radius (Score:1)
Cistron Radius [cistron.nl]
RPMS for Cistron with MySQL [iqnet.cz]
Re:Cistron Radius - SECONDED (Score:2)
despite other comments... (Score:4, Interesting)
Doing things now at my current job (typically for much smaller user bases), I use postgres in place of Oracle, unless the client has a preference. It just works, it is fast, it doesn't chew off a limb when it has a problem. You can do more interesting queries if you need to. It is enterprise class, MySQL is not, yet. Sorry.
I wonder at all the people who have had endless problems with OpenLDAP. If you read the docs, think about what they mean for your environment, and implement correctly, it works wonderfully, from stability to performance to features. Of course, lots of people have horror stories about Postgres, too, most of them illustrations of how not to run a real database. All I can say is these tools work for me and my clients.
My new company is currently about to close, I think, a deal to do what I described above for ~4M users. I'm entirely confident it will work, based on as close to empirical testing as we can emulate. The real world is always different, but that makes it fun. YMMV.
-j
Re:despite other comments... (Score:2)
FreeRadius + MySQL (Score:2, Insightful)
See Here [freeradius.org] for more info on the SQL module.
We also ended up using phpMyAdmin [phpmyadmin.org] to administrate the adding/removing of users, groups, & other attributes.
ryanc
We run this exact setup (Score:4, Informative)
First off, we use ICRadius for our RADIUS server... Using MySQL replication, we avoid a single point of failure... ICRadius is free, and based on Cistron Radius... It works for our needs. Secondly, we use the Exim MTA for SMTP, and Courier IMAP for pop3/imap services... Mail is stored on a RAID exported over NFS, so mail servers are quite easily clustered... Lastly, we have a home-grown account management program we wrote, called "Nebula" that manages all aspects of an account...
If you'd like examples of a config file, implementation suggestions, or even a copy of Nebula (it's open source, free), please let me know. You can e-mail me personally at work at dbauman (at) infostations (dot) net. I even have the original ICRadius + MySQL howtos from years ago when we migrated away from Cistron, and also the ISP-Planet's ISP-Radius mailing list can be of help to you...
Re:We run this exact setup (Score:1)
ICRADIUS (Score:1)
Radius w/ MySQL (Score:1)
However it depends what you want to do with your data. I work in a small telco (we have about 100K calls a day) and we are using Radiator with OpenLDAP + MySQL. OpenLDAP took a li'l hammering, but now is quite fine, even tho performance was never much of a problem. On average, our main radius servers reply in a few (<10) milliseconds.
WRT MySQL we are using it for our session database and are extremely happy with it. On the other hand, we aren't quite as happy with our Accounting Database and will, most likely, move away from MySQL, due to the fact we need to make more complex queries and relationships than we can afford to right now.
I can only recommend that, as a Radius Server, you use Radiator. It will allow you to move and change datasources (almost) transparently.
RJS
radiator and 40,000 users.. (Score:1)
icradius (Score:1)
It's cross platform (I've run it on both Solaris and Linux). It's really fast too.
Radiator.. (Score:1)
It was messy but worked perfectly when I left.
Why not try GNU-Radiusd? (Score:2)
We run it with Postgres (run away from MySQL, but GNU-RADIUSD can use it) -- it's fast for us (6k+ customers), under active development and stable as hell.
Oscillating Unity (Score:2)
Oh wait, you already have that in place.