Re: Where to run RadiusNT/Single point of failure elimination?

Dale E. Reed Jr. ( (no email) )
Mon, 21 Jul 1997 22:18:55 -0700

Fox, Thomas L. wrote:
>
> I'm soliciting general opinions (everybody has one)...
>
> Is it wise/appropriate to run the primary authentication instance
> of RadiusNT on the same machine as the SQL server/Access database?
>
> We're thinking of an authentication "system" that looks like this:
>
> PRIMARY RADIUS (SQL) SERVER -- All terminal servers authenticate to this 1st
>
> SECONDARY RADIUS SERVER -- All terminal servers use this as alternate authentication
> All terminal servers use this as alternate accounting
>
> ACCOUNTING SERVER - All terminal servers dump accounting here

I recommend one for SQL, and two RadiusNT machines, one for primary
auth, and one for primary accounting (each serving secondary for the
other).

We will be building some better fail over into RadiusNT 3.0 (like
multiple SQL Servers and such). Until then, I recommend just
building a robust SQL Server that doesn't have much else on it.
Mirror the drives, and give yourself as much protection as you can
(dual power supply machines are not uncommon).

> I guess it boils down to I'm looking for a way to eliminate the single point of failure.
> Would using RadiusNT in "both" mode with a text based user's file on the accounting
> and secondary servers suffice to provide authentication in the event of the failure of
> the SQL machine? I know the nas will hold accounting records for a while (and if I lose
> some, that isn't as important as users not being able to authenticate).

If accounting backs up, authentication stops. You should be
worrying about it.

> If so, are there any triggers/routines to create the text based users
> file on some periodic basis?

Emerald comes with an export routine to create a RadiusNT users file.
It's not a trivial routine and not something you could easily accomplish
with an SQL statement.

> And, on a Livingston Portmaster note, does anyone know if I can have more than one
> alternate authentication and accounting device (i.e., set alt 2, set alt 3, set account 2,
> set account 3)?

Nope, two of each is it (and really all you need). If you have two
machines go down, you probably have some big problems.

-- Dale E. Reed Jr.  (daler@iea.com)
_________________________________________________________________
       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs
 Internet Solutions for Today  |    http://www.emerald.iea.com