Parallel running RADIUS servers

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 18 11:15:59 CET 2011


On 17/02/11 14:37, Brian Candler wrote:

> I can think of a few ways of implementing this:
>
> * Using bpf (like radsniff) to capture the live requests and responses.
>    Forward a copy of the request to a second process, which would somehow
>    be jailed to a loopback interface, and then compare the responses.
>
> * Have some sort of forking proxy, which takes one input packet and sends
>    it to two places, A and B. It would take either the A or B response and
>    return it to the client. It could even vote on them (e.g. Access-Accept
>    takes precedence over Access-Reject)

This is only going to work for the simpler authentication mechanisms - 
PAP and so forth.

It won't work for EAP, because the server challenge state incorporates 
random numbers.

Honestly, I think you are better off relying on proper testing & change 
control.
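The PAP/EAP difference described in the reply above, as an added example that is not part of the original post or of FreeRADIUS. It assumes a toy EAP-MD5 server, a proxy that passes server A's challenge to the client, and constructed values for the shared secret and password; all function and class names are hypothetical.

```python
import hashlib, hmac, os

SECRET, PASSWORD = b"testing123", b"hunter2"   # constructed sample values

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password, req_auth):
    """Client side: RFC 2865 5.2 User-Password hiding."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], hashlib.md5(SECRET + prev).digest())
        out += prev
    return out

def pap_server(hidden, req_auth):
    """Stateless PAP check: everything needed is in the one request."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += xor(hidden[i:i + 16], hashlib.md5(SECRET + prev).digest())
        prev = hidden[i:i + 16]
    ok = hmac.compare_digest(out.rstrip(b"\x00"), PASSWORD)
    return "Access-Accept" if ok else "Access-Reject"

class EapMd5Server:
    """Toy EAP-MD5 server: round one issues a random challenge and State."""
    def __init__(self):
        self.pending = {}
    def start(self, eap_id):
        challenge, state = os.urandom(16), os.urandom(8)
        self.pending[state] = (eap_id, challenge)
        return challenge, state
    def finish(self, state, response):
        if state not in self.pending:
            return "Access-Reject"          # State this server never issued
        eap_id, challenge = self.pending.pop(state)
        want = hashlib.md5(bytes([eap_id]) + PASSWORD + challenge).digest()
        return "Access-Accept" if hmac.compare_digest(want, response) else "Access-Reject"

def fork_pap():
    req_auth = os.urandom(16)
    hidden = pap_hide(PASSWORD, req_auth)
    return pap_server(hidden, req_auth), pap_server(hidden, req_auth)   # servers A, B

def fork_eap():
    a, b = EapMd5Server(), EapMd5Server()
    (ch_a, st_a), (ch_b, st_b) = a.start(1), b.start(1)
    # The proxy can hand the client only one challenge; assume it picks A's.
    resp = hashlib.md5(bytes([1]) + PASSWORD + ch_a).digest()
    return a.finish(st_a, resp), b.finish(st_a, resp), b.finish(st_b, resp)
```

In `fork_eap()` server B rejects both when it is given A's State and when the proxy rewrites the State to B's own, because the client's response was computed over A's challenge.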


