Redundant Freeradius server.

Hi,

I recently installed a demo of Radius Manager 3.2.2. Now I have a problem connecting to the second radius server (rad2).

rad1 = freeradius server with radius manager demo
rad2 = second freeradius server

If I set up MT for radius:

rad1
rad2

I cannot authenticate users on rad2. I can see in MT that rad1 will reject the request without going to rad2. But when I switch them like:

rad2
rad1

Everything is fine. I mean I can authenticate using users from both radius servers. rad2 doesn’t reject the access-request so it will continue to query rad1.

I emailed the support for Radius Manager with:

‘Is there a setting in radius manager that will not reject the request when it cannot find the user in its database so it will continue to the second radius server? Or is it freeradius? Any suggestions?’

and the reply was:

‘Normally, when a first server declines auth, Mikrotik will walk to the next server and asks it for the auth.’

If this is true, then how do I make Mikrotik 2.9.50 ‘walk’ (continue) to the next server? I can’t see any setting in MT that will do that.

Thanks,

ColdHaze

Normally, when a first server declines auth, Mikrotik will not walk to the next server. As far as I remember, I’ve tested it on both v2.9 and v3 with freeradius.

I use two radius servers too, and it is normal that Mikrotik does not go to the second radius when the first one denies the request. The purpose of the second one is for when there is a timeout from the first one - so when the first one is not functional. The query is redirected to the second one - to the backup radius server. If you want to forward authentication from the first one to the second one, it is functionality of the radius server. So you have to configure the first freeradius to query the second one.
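
The failover behaviour described in the two replies above, as an added example that is not part of the original thread and is not MikroTik's code: a minimal RADIUS client (RFC 2865 Access-Request over UDP) that moves to the next server only when no valid reply arrives and treats an Access-Reject as final. The function names, the `exchange` hook and the `(host, port, secret)` server tuples are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password.ljust(16 * max(1, -(-len(password) // 16)), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_request(ident, user, password, secret):
    """Return (request authenticator, Access-Request packet)."""
    req_auth = os.urandom(16)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in
                     ((1, user), (2, hide_password(password, secret, req_auth))))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return req_auth, header + req_auth + attrs

def reply_ok(reply, ident, req_auth, secret):
    """Check the ID and Response Authenticator so a spoofed reply is not trusted."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(want, reply[4:20])

def udp_exchange(host, port, packet, timeout):
    """Send one datagram; return the reply bytes, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (host, port))
            return s.recvfrom(4096)[0]
        except OSError:  # socket.timeout is a subclass of OSError
            return None

def authenticate(servers, user, password, timeout=1.0, exchange=udp_exchange):
    """servers: ordered [(host, port, secret)]. Returns (code, index) or (None, None)."""
    for idx, (host, port, secret) in enumerate(servers):
        req_auth, packet = build_request(idx, user, password, secret)
        reply = exchange(host, port, packet, timeout)
        if reply is None or not reply_ok(reply, idx, req_auth, secret):
            continue  # no valid answer: only now is the next server tried
        return reply[0], idx  # Accept or Reject from a live server is final
    return None, None
```

With rad1 listed first and answering Access-Reject for a user it does not know, `authenticate` returns that reject and rad2 is never contacted, which matches what the original poster saw.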



Chupaka, rastod thanks for the info. :smiley:

So, is the best way to do this through freeradius-proxy on the first radius to query the second radius?

Thanks,

Coldhaze