Re: RADIUS contingency measures

Dale E. Reed Jr. ( (no email) )
Mon, 25 May 1998 08:14:21 -0700

Danny Sinang wrote:
> I know that NAS's can be configured to use a primary and secondary RADIUS
> server. In case the primary server doesn't respond, then the secondary
> server will be queried.
> However, isn't it true that both the primary and secondary server share only
> one user database ? This is a single-point-of-failure, isn't it ?

It doesn't have to be "one physical" database. It has to be the same
user list. For example, you could be copying an MS Access database
from your primary to your seconday, or use SQL Server replication with
two SQL Servers. RadiusNT 2.5 allows you to have a different DSN for
authentication and accounting. I've done some pretty complicated
installations with SQL Server using 3-4 SQL Servers in a distributed
environment (local auth, read only) and primary accounting centralized.

> What measures could I take to make sure that in the event the first user
> database conks-out, a secondary database might be used ?

The other thing we are looking into is having a promary and secondary
ODBC DSN for both accounting and authentication. Things get a little
more tricky on the install, though. RadiusNT 2.5 does have text backup
mode, which allows it to auth against the users file ONLY if the
ODBC DSN fails.

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |