> [...] we're not using a RAS server and the ACE servers are our Radius
servers. Basically, we have our firewall (Checkpoint) sending the SecuRemote info to the ACE servers (which are running Radius). If it helps, they are ACE 3.3 servers with Radius enabled. When the master is up, everything works fine and checkpoint returns a message saying "user authencticated by RADIUS" When the master is down, the event logs tell us that the slave takes over, but anyone trying to log in get a message that the RADIUS servers are not responding.
<snip> <snip>
Hi Russ:
Step back a bit and consider who knows what;-)
The updated configuration record needs to be sent to all ACE/Agents in the realm so that they know where the master and slave ACE/Servers are.
Copy the sdconf.rec to the RADIUS server, restart it, and then try the failover test.
If, OTOH, the ACE/Server slave is not generating any log information, there are a few things that you should immediately check on.
- Make sure the RADIUS server is running on the slave machine.
- Make sure the RADIUS server is using the correct sdconf.rec file. (By default, this file should be in the ace/data directory, but -- since you are new to this job -- you should do a search to make sure there isn't some old copy of sdconf.rec lying around.)
The most likely source of your troubles, of course, is that your firewall just doesn't know where the slave server is. Please check carefully to make sure that FW-1 has the correct name and correct IP address for the slave server.
Suerte,
_Vin
---------------------------------------------------------------
* Vin McLellan + The Privacy Guild + <[EMAIL PROTECTED]> *
22 Beacon St., Chelsea, MA 02150-2672 USA================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
