Re: RADIUS contingency measures

Jim Dunmyer ( jdunmyer@toltbbs.com )
Mon, 25 May 1998 11:05:47 -0400

At 09:50 PM 5/25/98 +0800, you wrote:
>Dale,
>
>I know that NAS's can be configured to use a primary and secondary RADIUS
>server. In case the primary server doesn't respond, then the secondary
>server will be queried.
>
>However, isn't it true that both the primary and secondary server share only
>one user database ? This is a single-point-of-failure, isn't it ?
>
>What measures could I take to make sure that in the event the first user
>database conks-out, a secondary database might be used ?

We run a second copy of RADIUSNT on another machine that also has the SQL
client intstalled on it. Every 3 hours, a batch file runs that uses the
RADUSERS program to query the main database and create a new USERS file.
The batch file checks the integrity of the USERS file before copying it
over the existing one, as a corrupt/useless file is created if the SQL
server isn't working.

We can shut down the main server, running Emerald, SQL Server, and RADIUSNT
and everything will keep right on keeping on. Adding users can be a bit
problematic, but we could even do that with a text editor if we have a
long-term emergency or outage on the main machine.

<<jdunmyer@toltbbs.com>>
<<www.toltbbs.com/~jims>>