Re: backup radius server

Keith Willis ( )
Thu, 13 Mar 1997 12:41:51 -0600

Max is really funny about the way it handles backup servers, so beware.
According to Ascend, it will only try to send radius packets to a secondary
after it loses contact with the primary. And then it will only restore the
connection to the primary after the secondary is taken off-line.

So basically, kill your primary for the secondary to take effect....HTH :-)

At 11:24 AM 3/12/97 -0500, Josh Hillman wrote:
>I'm running RadiusNT .60 as a service (ODBC only) on the primary machine
>(where the SQL database resides) and authentication works just fine.
>On the secondary machine, I have RadiusNT .60 and am trying to run it from
>the CMD prompt, "radius -x -A".
>RadiusNT Admin settings:
> Auth port = 1645
> Accounting: Require secret
> Port: 1646
> Mode: Text Files
> Directories/files:
> Data: c:\radius\data
> Accounting: c:\radius\acct
> Users file: users
>Radlogin on the backup machine works fine, so long as the "dictionary file
>is in the "c:\radius" AND "c:\radius\data" directories.
>The problem is when I dialup through our Ascend Max 4004, I'm not
>authenticated because it seems that the Max isn't even looking at the
>backup server. The Max responds (on the console), "LAN securty error
>That user is not in the database--it only resides in the text file on the
>backup machine. The same "secret" is used on both servers as well as the
>Here's what the Max 4004 (5.0A) has set:
> Auth Host #1=(IP addr for primary machine)
> Auth Host #2=(IP addr for secondary machine)
> Auth Host #3=(IP addr for primary machine)
> Auth Port=1645
> Auth Src Port=0
> Auth Timeout=5
> Auth Key=*SECURE*
> Auth Pool=Yes
> Auth TS Secure=Yes
> Auth Send Attr. 6,7=Yes
> Local Profiles First=Yes
> Auth Req=Yes
> CLID Timeout Busy=No
> CLID Fail Busy=No
> APP Server=No
> APP Host=N/A
> APP Port=N/A
> SecurID DES encryption=N/A
> SecurID host retries=N/A
> SecurID NodeSecret=N/A
> Sess Timer=N/A
> Acct Host #1=(IP addr for primary machine)
> Acct Host #2=(IP addr for secondary machine)
> Acct Host #3=(IP addr for primary machine)
> Acct Port=1646
> Acct Src Port=0
> Acct Timeout=5
> Acct Key=*SECURE*
> Sess Timer=0
> Acct-ID Base=10
>What am I missing?
>Are loginnames in the text files still limited to 8 or less characters?
>Josh Hillman
> ----------------------------------------------------------
> RadiusNT Mailing List
Keith Willis Interconnect Services Inc.
Director of Engineering Services 535 S. Carancahua Ste. 5
Mail: Corpus Christi, Texas 78401
Dial-Up Access: 693-SURF (7873) Voice: (512) 884-3447

"Corpus Christi's Own Full Service Internet Access Provider"