Is it wise/appropriate to run the primary authentication instance
of RadiusNT on the same machine as the SQL server/Access database?
We're thinking of an authentication "system" that looks like this:
PRIMARY RADIUS (SQL) SERVER -- All terminal servers authenticate to this 1st
SECONDARY RADIUS SERVER -- All terminal servers use this as alternate authentication
All terminal servers us this as alternate accounting
ACCOUNTING SERVER - All terminal servers dump accounting here
While this scenario covers failure of the accounting server and primary RADIUS instance
on the primary radius server, it doesn't account for a failure of the primary MACHINE
(i.e., power supply dies at 3am). If that machine dies, we lose authentication and
accounting as that is where the database lives.
I guess it boils down to I'm looking for a way to eliminate the single point of failure.
Would using RadiusNT in "both" mode with a text based user's file on the accounting
and secondary servers suffice to provide authentication in the event of the failure of
the SQL machine? I know the nas will hold accounting records for a while (and if I lose
some, that isn't as important as users not being able to authenticate).
If so, are there any triggers/routines to create the text based users file on some periodic
And, on a Livingston Portmaster note, does anyone know if I can have more than one
alternate authentication and accounting device (i.e., set alt 2, set alt 3, set account 2,
set account 3)?