(RADIATOR) Failover

Hugh Irvine hugh at open.com.au
Mon Feb 20 15:56:07 CST 2006


Hello Andrew -

If your NAS equipment does not receive a response from its primary  
radius server, it will switch to its secondary. If the subsequent  
radius requests are going to your radius secondary, the primary  
radius server (and hence the AuthBy FILE) will never see the radius  
requests at all.

regards

Hugh


On 20 Feb 2006, at 18:43, Andrew wrote:

> Thanks for your reply Hugh, this is the behaviour I expected. I  
> will run
> some tests myself and figure out where the problem is!
> Just to try and explain the issue some more, (FYI) what seems to be
> happening is that when the AuthBY Radius is not available, the  
> AuthBY FILE
> is not authenticating even when the access details are correct? In  
> other
> words it's like AuthBy FILE is not even being attempted? Also in  
> case you
> wanted to know, it's version 3.5.
>
> -- Andrew
>
>> -----Original Message-----
>> From: owner-radiator at open.com.au [mailto:owner- 
>> radiator at open.com.au] On
>> Behalf Of Hugh Irvine
>> Sent: Monday, 20 February 2006 1:15 PM
>> To: andrewb at acenet.net.au
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Failover
>>
>>
>> Hello Andrew -
>>
>> If the AuthBy FILE returns Reject, then you will go on to proxy via
>> the AuthBy RADIUS.
>>
>> If the AuthBy RADIUS does not get a reply, then there will be no
>> reply sent to the NAS.
>>
>> This will cause the NAS to fail over to its secondary radius target.
>>
>> hope that helps
>>
>> Hugh
>>
>>
>> On 20 Feb 2006, at 13:45, Andrew wrote:
>>
>>> Hi All,
>>>
>>> I need some clarification on the config below. I set this config
>>> thinking
>>> that if the 'authby file' fails then radiator will try to 'authby
>>> radius' (a
>>> physically separate server). What I have found is that if the
>>> second server
>>> fails (ie. the server goes down) then I stop receiving
>>> authentication on the
>>> primary server? Where did I go wrong or what did I miss in the
>>> reference?
>>>
>>> <Realm DEFAULT>
>>>         RejectHasReason
>>>         AuthByPolicy ContinueWhileReject
>>>         Log blogger
>>>         <AuthBy FILE>
>>>                 Filename /.../users
>>>         </AuthBy>
>>>         <AuthBy RADIUS>
>>>                 Host ...
>>>                 Secret ...
>>>         </AuthBy>
>>>         AcctLogFileName /.../detail
>>>         AuthLog authlog
>>> </Realm>
>>>
>>> Thanks!
>>>
>>> -- Andrew
>>>
>>>
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list