<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello Robert<div><br></div><div>Radiator configuration offers no direct way to switch back to the primary database, because all database connections are treated as equal. Below I'll suggest some approaches so you can see if they fit your needs.<br><br>For situations when you detect that you're using secondary database and want to change back to primary, and you know that there's some database-specific SQL statement that you can use to disconnect the connection(s). For example in DB2, there's a <font face="monospace">DISCONNECT</font> statement.<br><a href="https://www.ibm.com/docs/en/db2-as-a-service?topic=statements-disconnect" target="_blank">https://www.ibm.com/docs/en/db2-as-a-service?topic=statements-disconnect</a> .<br><br>Create a separate <font face="monospace"><Handler></font> that only catches some particular auth or acct request (that you have a way to send when needed), and then in <font face="monospace"><AuthBy SQL></font> use <font face="monospace">AuthSQLStatement</font> or <font face="monospace">AcctSQLStatement</font> to execute the SQL statement that disconnects from the database. Radiator then starts a new connection when needed, with the next available DB source. You need to use the same connection details so that Radiator knows which connection you want to disconnect.</div><div><a href="https://files.radiatorsoftware.com/radiator/ref/AuthBySQL.html#AuthSQLStatement" target="_blank">https://files.radiatorsoftware.com/radiator/ref/AuthBySQL.html#AuthSQLStatement</a><br><br>If you want to use some other method to trigger the change, you can also use some of the many Radiator's internal code hooks to disconnect the database connection. For example if you use <font face="monospace">PostAuthSelectHook</font> in <font face="monospace"><AuthBy SQL></font> you can programmatically disconnect from the database after validating that the incoming request had proper credentials.</div><div><a href="https://files.radiatorsoftware.com/radiator/ref/AuthBySQL.html#PostAuthSelectHook" target="_blank">https://files.radiatorsoftware.com/radiator/ref/AuthBySQL.html#PostAuthSelectHook</a></div><div><br></div><div>There are plenty of hooks to choose from. You can set Radiator to catch an operating system signal using <font face="monospace">WINCHHook</font>.</div><div><a href="https://files.radiatorsoftware.com/radiator/ref/GlobalParameters.html#WINCHHook" target="_blank">https://files.radiatorsoftware.com/radiator/ref/GlobalParameters.html#WINCHHook</a><br><br>If you want to initiate the db change with HTTP API call, set up <font face="monospace"><ServerHTTP></font> and in its config block use <font face="monospace">PageNotFoundHook</font> to create an API endpoint. There's an example of using this method on the mailing list, too:<br><a href="https://lists.open.com.au/pipermail/radiator/2025-May/022109.html" target="_blank">https://lists.open.com.au/pipermail/radiator/2025-May/022109.html</a><br><a href="https://files.radiatorsoftware.com/radiator/ref/ServerHTTP.html#Trace_ServerHTTP-3" target="_blank">https://files.radiatorsoftware.com/radiator/ref/ServerHTTP.html#Trace_ServerHTTP-3</a><br><br>You can also use <font face="monospace">MainLoopHook</font> to perform timed checks. In the hook code, check which connection is in use (connected to secondary server) and if a suitable alternative (the primary server no longer in <font face="monospace">FailureBackoffTime</font>) is available, then disconnect from the secondary in order to allow Radiator to connect to the primary database.<br><a href="https://files.radiatorsoftware.com/radiator/ref/GlobalParameters.html#MainLoopHook" target="_blank">https://files.radiatorsoftware.com/radiator/ref/GlobalParameters.html#MainLoopHook</a><br><br>Some useful code bits if you choose to use some Hook:<br><font face="monospace">$self->{dbsource}</font> is of form "<font face="monospace">dbi:SQLite:./radiator.db Connection id: 0-00000</font>"<br><br>You can get a handle to an <font face="monospace">AuthBy</font> using its <font face="monospace">Identifier</font> string:</div><div><font face="monospace">$authby = Radius::AuthGeneric::find($authby_identifier);</font></div><div>and get the <font face="monospace">$dbsource</font> from there for your own checks (i.e. are we connected to primary or not):</div><div><font face="monospace">$dbsource = $authby->{dbsource};</font></div><div>If reconnection is wanted, just disconnect from the current <font face="monospace">dbsource</font>:<br><font face="monospace">$authby->disconnect();</font><br><br>Looping back to the start, you can naturally trigger a Hook with a RADIUS request too, just set up a suitable <font face="monospace">Handler</font>.</div><div><br></div><div>If you're using <font face="monospace">SessionDatabase</font>, <font face="monospace">ClientListSQL </font>or other SQL-related features, you may want to disconnect and change those connections, too.</div><div><br></div><div>Using similar ideas, I've configured a setup that spans three data centers, each with multiple servers. The Radiator servers primarily use databases local to the DC, but they can fail over to DB backends in other DCs if needed, and then switch back later.</div><div><br>//jani</div><div><br></div></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, 14 Feb 2026 at 15:00, Robert Blayzor via radiator <<a href="mailto:radiator@lists.open.com.au" target="_blank">radiator@lists.open.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In AuthBy SQL I can list multiple DB servers and they are tried in the <br>
order they appear.<br>
<br>
If one fails, it will move to the next in the list, but stays connected <br>
to that one until that connection fails.<br>
<br>
Is there a way to change this behavior to revert to the first in the <br>
list after FailureBackoffTime has expired and can be connected to again?<br>
<br>
In some cases we have a local DB server that may be unavailable from <br>
time to time, (upgrades, etc) but is the best primary source rather than <br>
the next one in the list.<br><br>
--<br>
<a href="http://inoc.net" rel="noreferrer" target="_blank">inoc.net</a>!rblayzor<br>
PGP: <a href="https://pgp.inoc.net/rblayzor/" rel="noreferrer" target="_blank">https://pgp.inoc.net/rblayzor/</a><br><br>
</blockquote></div></div>
</div>
</div>
</div>
</div>