Project

General

Profile

Using a Backup Server » History » Version 2

Luke Murphey, 10/11/2012 05:19 AM

1 1 Luke Murphey
h1. Using a Backup Server
2 1 Luke Murphey
3 1 Luke Murphey
The RADIUS Authentication App can be configured to use a backup server in case the primary is unavailable. The app will use the backup server if the primary does not authenticate the user.
4 1 Luke Murphey
5 2 Luke Murphey
Below are some notes about the way the app behaves:
6 2 Luke Murphey
7 2 Luke Murphey
* The backup RADIUS server will be contacted whenever a user fails to authenticate to the primary RADIUS server even if the user was unable to authenticate due to an incorrect password (as opposed to a RADIUS server failure). This is done to allow authentication to succeed in cases where the primary authentication server is misconfigured and denying users access unnecessarily. Furthermore, it isn't always possible to determine why a RADIUS server denies authentication so it is best just to try the backup RADIUS before disallowing access (it is safer).
8 2 Luke Murphey
* Users may notice a slight delay when attempting to authenticate when the primary RADIUS server is unavailable since the app has to try the first RADIUS server first and it may take up to 5 seconds for the request to timeout before the secondary server is used.
9 2 Luke Murphey
* If the secret for the backup server is not defined, then the secret from the primary server will be used for the backup too.
10 1 Luke Murphey
11 1 Luke Murphey
You can determine if the backup server is being used by examining the logs with the sourcetype "radius_auth". The following log message will return logs indicating that the backup server is being used:
12 1 Luke Murphey
13 1 Luke Murphey
<pre>
14 1 Luke Murphey
index=_internal "Authentication to secondary RADIUS server" sourcetype="radius_auth"
15 1 Luke Murphey
</pre>