Redundant Proxy for Authentication
Hi, I want to know if it's possible to proxy authentication request in a redundant fashion (just like we can do with ldap or mysql modules in a redundant block). On each requests, we want to proxy it to a primary server, if it's succeeding, move on, but if the authentication fails, we need to proxy to a secondary server. It's not fail-over we are looking for. Thanks! -- Francois Gaudreault, ing. jr fgaudreault@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Francois Gaudreault wrote:
On each requests, we want to proxy it to a primary server, if it's succeeding, move on, but if the authentication fails, we need to proxy to a secondary server. It's not fail-over we are looking for.
RADIUS doesn't really work that way. The only way to do it is via some severe re-architecting of the server internals. Alan DeKok.
Thanks Alan. We will rework our use case then :) On 2012-08-22 1:46 AM, Alan DeKok wrote:
Francois Gaudreault wrote:
On each requests, we want to proxy it to a primary server, if it's succeeding, move on, but if the authentication fails, we need to proxy to a secondary server. It's not fail-over we are looking for.
RADIUS doesn't really work that way.
The only way to do it is via some severe re-architecting of the server internals.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Francois Gaudreault, ing. jr fgaudreault@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
participants (2)
-
Alan DeKok -
Francois Gaudreault