manny wrote: > I am attempting to setup a FreeRADIUS server to listen only on one IP > address, but have two virtual servers.
The documentation says that packets coming from a "listen" section go to one virtual server. You will need to have multiple "listen" sections. > At the moment I am testing with > simple servers, one that accepts and one that rejects. I have a freeradius > server that is dependent on another server, and want to provide an alternate > authentication method when the server is down. What you can do is to put the home servers into a fail-over pool. Have the proxy fail over from the external home server, to one that you control. > home_server_pool my_auth_failover { > type = fail-over > home_server = first > home_server = second > } That should works. > > This is the result from radtest <sigh> If you're debugging the server, why are you looking at radtest, instead of the output of "radiusd -X"? This is documented in the FAQ, web page, documentation, "man" pages, and daily on this list. > [root@localhost raddb]# radtest test test123 192.168.100.251 1812 secret > Sending Access-Request of id 1 to 192.168.100.251 port 1812 > User-Name = "test" > User-Password = "test123" > NAS-IP-Address = 127.0.0.1 > NAS-Port = 1812 > rad_recv: Access-Reject packet from host 192.168.100.251 port 1812, id=1, > length=20 > [root@localhost raddb]# > > It is my understanding that once a home_server is dead, it tries the next > one, but here I see that port 1812 is still used instead of 1822. You do understand that "radtest" is not a RADIUS server, right? Radtest will send packets to where *you* tell it to send packets. Here, you've told it to send packets to port 1812. So it does that. radtest is *not* FreeRADIUS. Again, look at the debug output of the *server* to see how the *server* is behaving. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html