Re: Sending authentication-requests to multiple radius-servers

2012-12-02 Thread Arran Cudbard-Bell
IIRC home server state is tracked on a per homeserver basis (irrespective of pool), and proxy-to-realm and replicate-to-realm will only replicate to the first alive server in a given pool. So the above *may* do exactly what you want, with the caveat that the replicated packets won't be

Re: Sending authentication-requests to multiple radius-servers

2012-12-01 Thread Stefan Kuegler
Hi Arran. You could also use rlm_replicate to duplicate the packet, but there's currently no way of checking the aliveness of a realm at runtime, so you'd end up sending duplicate requests to whatever the primary OTP server was. and that wouldn't help if you were actually wanting to

Re: Sending authentication-requests to multiple radius-servers

2012-11-29 Thread Stefan Kuegler
Hi Arran. You could also use rlm_replicate to duplicate the packet, but there's currently no way of checking the aliveness of a realm at runtime, so you'd end up sending duplicate requests to whatever the primary OTP server was. and that wouldn't help if you were actually wanting to

Re: Sending authentication-requests to multiple radius-servers

2012-11-29 Thread Arran Cudbard-Bell
On 29 Nov 2012, at 09:21, Stefan Kuegler freerad...@kuegler.org wrote: Hi Arran. You could also use rlm_replicate to duplicate the packet, but there's currently no way of checking the aliveness of a realm at runtime, so you'd end up sending duplicate requests to whatever the primary OTP

Sending authentication-requests to multiple radius-servers

2012-11-28 Thread Stefan Kuegler
Hello. I have a short question: Is it possible to send an authentication-request from a client to multiple servers simultaneously ? +--+ /-| radius A | +++--+ / +--+ |

Re: Sending authentication-requests to multiple radius-servers

2012-11-28 Thread Alan DeKok
Stefan Kuegler wrote: Is it possible to send an authentication-request from a client to multiple servers simultaneously ? Not really, no. We now authenticate with HMAC-based One Time Password Token (aka event-based token) from a Cisco ASA via radius to only one freeradius-server. But we

Re: Sending authentication-requests to multiple radius-servers

2012-11-28 Thread Marinko Tarlac
Some NASes can successfully use several servers. If the first one doesn't respond, the request will be sent to the next RADIUS server On 11/28/2012 4:07 PM, Alan DeKok wrote: Stefan Kuegler wrote: Is it possible to send an authentication-request from a client to multiple servers

Re: Sending authentication-requests to multiple radius-servers

2012-11-28 Thread Arran Cudbard-Bell
On 28 Nov 2012, at 14:02, Stefan Kuegler freerad...@kuegler.org wrote: Hello. I have a short question: Is it possible to send an authentication-request from a client to multiple servers simultaneously ? +--+

Re: Sending authentication-requests to multiple radius-servers

2012-11-28 Thread Arran Cudbard-Bell
You could also use rlm_replicate to duplicate the packet, but there's currently no way of checking the aliveness of a realm at runtime, so you'd end up sending duplicate requests to whatever the primary OTP server was. and that wouldn't help if you were actually wanting to authenticate the