freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that - unlike before - interfaces configuration is now included in the sync with no way to disable that. If one uses Sync to align users across locations, this is not helpful, because the interface IPs in the secondary location(s) will be different. In addition, it sees that the settings under EAP -> Certificates for TLS are no longer synced correctly. Whenever I change a user in the primary location, I now - unlike before - need to manually restate the interfaces and the certificate information in the secondary location. It would be great, if syncing the interface IP configuration was optional and if certificate information was just left intact.
Updated by Cullen Trey almost 2 years ago
as an idea to solve the different wishes of pfSense users, one could make the sections configurable per sync ip.
Sync in FreeRadius has at least these two use cases:
1. Sync everything to the second ha pfSense node (mode now in 0.15.7_30)
2. Sync users to every pfSense router in our company network (mode before 0.15.7_30, because only users and clients were synced)
In order two solve all the issues, why not specify per sync IP, what is synced? Like
- Users + Clients
I would only need, the option All and Users.