Migrating from one to another radius server

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

Migrating from one to another radius server

Oleg Motienko
Hello,

We are running billing system with radius auth and acct.
We have to migrate our user database to another billing system but we
can't migrate all users and reconfigure all routers simultaneously.
Presumably we can migrate about 50-100 user of several thousands every
day, and we want to make this process transparent for users.

So, we have 3 radius servers:

oldserver - running  with olddatabase,
newserver - running with newdatabase,
freeserver - runing freeradius for transparent forwarding.

Users enters their logins without @domain and it's unreal to request
all users to change anything in their login configurations.

Is it possible to make such algorithm?
              vvv
Router request auth from freeserver and
1) freeserver forwards request to oldserver and if user is still in
olddatabase, oldserver process request.
2) if user is not found in olddatabase, freeserver forwards request to newserver
3) if user is not found on newserver (so, users is unknow in both
databases) or password incorrect or other error -  freeserver returns
error to router.

If this algorithm is possible, is it possible to forward acct
information same way?

Thanks in advance.

--
Regards,
Oleg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Migrating from one to another radius server

Alan DeKok
Oleg Motienko <[hidden email]> wrote:
> We have to migrate our user database to another billing system but we
> can't migrate all users and reconfigure all routers simultaneously.
> Presumably we can migrate about 50-100 user of several thousands every
> day, and we want to make this process transparent for users.

  Why not migrate all user information to the new database, and switch
from the old one to the new one at 2am one day?  If something goes
wrong, you can switch back, and re-do the migration.

> 1) freeserver forwards request to oldserver and if user is still in
> olddatabase, oldserver process request.
> 2) if user is not found in olddatabase, freeserver forwards request to newserver

  RADIUS doesn't return "notfound". It returns "REJECT" or "ACCEPT".
So what you want to do can't be done the way you want.

  I don't see why you wouldn't just migrate all of the users at once.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Migrating from one to another radius server

Oleg Motienko
On 8/11/05, Alan DeKok <[hidden email]> wrote:

> > We have to migrate our user database to another billing system but we
> > can't migrate all users and reconfigure all routers simultaneously.
> > Presumably we can migrate about 50-100 user of several thousands every
> > day, and we want to make this process transparent for users.
>
>   Why not migrate all user information to the new database, and switch
> from the old one to the new one at 2am one day?  If something goes
> wrong, you can switch back, and re-do the migration.

This is impossible because of old and new billing system use different
password encryption in database, running on different OS and also use
different software for radiusd. Unfortunately we will have to change
every password manually because we have not unencrypted one.  Also
there is about 20 access routers, so we need to reconfigure every of
them.


> > 1) freeserver forwards request to oldserver and if user is still in
> > olddatabase, oldserver process request.
> > 2) if user is not found in olddatabase, freeserver forwards request to newserver
>
>   RADIUS doesn't return "notfound". It returns "REJECT" or "ACCEPT".
> So what you want to do can't be done the way you want.

Sorry I'm not familar with radius terminology yet, I mean "REJECT".

 
>   I don't see why you wouldn't just migrate all of the users at once.

Yes, we will do complete migration at once if there is no methods to
migrate gradually.

--
Regards,
Oleg

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Migrating from one to another radius server

Alan DeKok
Oleg Motienko <[hidden email]> wrote:
> This is impossible because of old and new billing system use different
> password encryption in database, running on different OS and also use
> different software for radiusd.

  If you're only using FreeRADIUS to migrate from one non-FreeRADIUS
solution to another non-FreeRADIUS solution, then I don't think your
questions are appropriate here.

  Ask the vendors who sold you the software how to migrate.  I'm sure
they'll be happy to help.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html