Netgate Discussion Forum

    Is it possible to set a backup RADIUS server?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 814 Views
    • artooro

      When configuring an authentication server, whether RADIUS or LDAP, it appears that it's only possible to specify a single IP address.

      Is there some way to configure a backup authentication server in case the primary goes down?

      Another option might be to have a DNS record that resolves to two A records, and the RADIUS client might try both of them?

      • NollipfSense @artooro

        @artooro said in Is it possible to set a backup RADIUS server?:

        to have a DNS record that resolves to two A records

        That won't work as a domain has only one A record... why would you need a backup RADIUS server?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • stephenw10 Netgate Administrator

          For some things, like an OpenVPN server, you can just select more than one authentication server and it will try each if it fails to get a response.

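As an added example (not part of any post in this thread, and not pfSense or OpenVPN code): a Python sketch of the "try each server if it fails to get a response" behaviour, probing an ordered list of RADIUS servers with Status-Server (RFC 5997) and accepting only a reply whose Response Authenticator verifies against the shared secret. The addresses and secret are constructed placeholders, and it assumes the servers have Status-Server enabled.

```python
import hashlib, hmac, os, socket, struct

STATUS_SERVER, MSG_AUTH = 12, 80  # packet code (RFC 5997), attribute type (RFC 3579)

def build_status_server(secret: bytes, ident: int, req_auth: bytes) -> bytes:
    """Status-Server probe with Message-Authenticator (HMAC-MD5 over the packet)."""
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + req_auth
    attr = struct.pack("!BB", MSG_AUTH, 18)
    # The HMAC is computed with the 16-byte Message-Authenticator value zeroed.
    mac = hmac.new(secret, header + attr + bytes(16), hashlib.md5).digest()
    return header + attr + mac

def reply_is_authentic(reply: bytes, ident: int, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code + id + length + RequestAuth + attrs + secret)."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if length < 20 or length > len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def first_responding(servers, secret: bytes, timeout: float = 1.0):
    """Try each (ip, port) tuple in order; return the first with an authentic reply."""
    for addr in servers:
        ident, req_auth = os.urandom(1)[0], os.urandom(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_status_server(secret, ident, req_auth), addr)
                reply, src = s.recvfrom(4096)
            except OSError:  # timeout or unreachable: fall through to the backup
                continue
        # A reply from another source, or one that fails verification (spoofed
        # or wrong shared secret), does not count as a live server.
        if src == addr and reply_is_authentic(reply, ident, req_auth, secret):
            return addr
    return None

if __name__ == "__main__":
    # Constructed placeholders (TEST-NET-1 addresses): primary first, then backup.
    servers = [("192.0.2.10", 1812), ("192.0.2.11", 1812)]
    print(first_responding(servers, b"example-secret", timeout=0.5))
```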
          • artooro @NollipfSense

            @nollipfsense that's factually incorrect. A domain can have many A records.
            And why would you need a backup RADIUS server.... until you do.

            • artooro @stephenw10

              @stephenw10 thank you. I think the scenario I'm working with actually is using OpenVPN so I'll go that route!

              • NollipfSense @artooro

                @artooro It seems that you are correct...learned something new today...thank you for sharing.

                "Yes, a domain can have multiple A records. This is known as "round-robin DNS" and it allows multiple IP addresses to be associated with a single domain name. When a client requests the IP address for the domain name, the DNS server will rotate through the list of IP addresses in the A records and return a different IP address each time. This can be used to distribute traffic across multiple servers or to provide failover in the event that one server becomes unavailable."

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.