Multiple Radius Boxes

Hi Folks.

I have a Hotspot system, which uses an external radius server to authenticate users. It works fine.

I now want to give access from the hotspot system to a second radius box (which will store users, passwords etc. which are DIFFERENT from the original box). (The second radius box won't just be a backup to the first box.)

I can see that it's possible in /radius to add the details of a second radius box (IP, shared secret, etc).

What I don't know, though, is whether or not the Hotspot service will access the second radius if it fails to do a successful authentication on the first box.

Any ideas?

rgds
Jim Heck

The second RADIUS will be used only in case of timeout. If ROS receives Access-Reject, it won't try another RADIUS.

But you can use different Realms, I believe.

Yep, realm works >;) and you may be able to make a special configuration on your radius.

We had a config in FreeRadius that never sent a deny. It would send an accept, but if it was not found in the database, it simply would not reply, then it would go on to the next server. Watch your ping times and bw though to the first server, as you will want to keep your timeout value low enough for that server to fail quickly, but not so long your customer has to wait 1-2 seconds just to hop to the next box.

Also, there are ways of having your radius system look at several databases as well :slight_smile:
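
The failover behaviour described in the replies above, as an added example that is not part of any poster's message and is not RouterOS or FreeRADIUS code: a small Python model of a client that moves to the next server only on timeout, with realm selection and the "never send a deny" setup. All names, realms, credentials and the `user@realm` login convention are assumptions made for the illustration.

```python
# Added illustration: a model of the client behaviour described in the thread.
# Server names, realms, users and timeouts are constructed sample values.
from dataclasses import dataclass

ACCEPT, REJECT, TIMEOUT = "Access-Accept", "Access-Reject", "timeout"

@dataclass
class Server:
    name: str
    users: dict                      # username -> password (sample data)
    realm: str = ""                  # "" means the server handles any realm
    silent_on_unknown: bool = False  # the "never send a deny" configuration
    timeout_s: float = 0.3           # how long the client waits for a reply

    def reply(self, user, password):
        if user not in self.users:
            # Unknown user: stay silent (client sees a timeout) or reject.
            return TIMEOUT if self.silent_on_unknown else REJECT
        return ACCEPT if self.users[user] == password else REJECT

def authenticate(servers, login, password):
    """Return (result, names of servers tried, seconds lost to timeouts)."""
    user, _, realm = login.partition("@")   # assumed user@realm convention
    tried, waited = [], 0.0
    for s in servers:
        if s.realm and s.realm != realm:
            continue                  # realm sends the request elsewhere
        tried.append(s.name)
        r = s.reply(user, password)
        if r != TIMEOUT:
            return r, tried, waited   # Accept or Reject is final
        waited += s.timeout_s         # only a timeout moves to the next box
    return TIMEOUT, tried, waited

def demo():
    box1 = Server("box1", {"alice": "pw1"})
    box2 = Server("box2", {"bob": "pw2"})
    quiet1 = Server("box1", {"alice": "pw1"}, silent_on_unknown=True)
    r1 = Server("box1", {"alice": "pw1"}, realm="a.example")
    r2 = Server("box2", {"bob": "pw2"}, realm="b.example")
    return {
        "plain": authenticate([box1, box2], "bob", "pw2"),
        "silent": authenticate([quiet1, box2], "bob", "pw2"),
        "realm": authenticate([r1, r2], "bob@b.example", "pw2"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

In the `silent` case every user who lives only on the second box pays the first server's full timeout on each login, which is the trade-off the last reply describes.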