Parallel running RADIUS servers
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 18 11:15:59 CET 2011
On 17/02/11 14:37, Brian Candler wrote:
> I can think of a few ways of implementing this:
>
> * Using bpf (like radsniff) to capture the live requests and responses.
> Forward a copy of the request to a second process, which would somehow
> be jailed to a loopback interface, and then compare the responses.
>
> * Have some sort of forking proxy, which takes one input packet and sends
> it to two places, A and B. It would take either the A or B response and
> return it to the client. It could even vote on them (e.g. Access-Accept
> takes precedence over Access-Reject)
This is only going to work for the simpler authentication mechanisms -
PAP and so forth.
It won't work for EAP, because the server challenge state incorporates
random numbers.
Honestly, I think you are better off relying on proper testing & change
control.
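The difference described in the reply above, as an added example that is not part of the original post and not FreeRADIUS code: a mirrored PAP request gets the same verdict from two servers, while a mirrored EAP exchange fails on the second server because each one draws its own random challenge. EAP-MD5 is used as the simplest EAP method; the secret, password and all function names are constructed for illustration.

```python
import hashlib, hmac, os

SECRET = b"testing123"     # constructed shared secret, same on both servers
PASSWORD = b"s3cret-pw"    # constructed user password known to both servers

def xor16(data, key):
    return bytes(x ^ y for x, y in zip(data, key))

def pap_hide(password, req_auth):
    """NAS side: RFC 2865 User-Password hiding (passwords up to 16 bytes)."""
    return xor16(password.ljust(16, b"\0"), hashlib.md5(SECRET + req_auth).digest())

def pap_server(hidden, req_auth):
    """Stateless: the verdict depends only on the packet and the shared secret."""
    clear = xor16(hidden, hashlib.md5(SECRET + req_auth).digest()).rstrip(b"\0")
    return "Access-Accept" if hmac.compare_digest(clear, PASSWORD) else "Access-Reject"

def eap_md5_response(eap_id, challenge):
    """MD5(identifier + password + challenge), as the supplicant computes it."""
    return hashlib.md5(bytes([eap_id]) + PASSWORD + challenge).digest()

class EapMd5Server:
    """Toy EAP-MD5 (RFC 3748 type 4) server holding per-session challenge state."""
    def start(self, eap_id):
        self.eap_id, self.challenge = eap_id, os.urandom(16)  # fresh random per server
        return self.challenge

    def finish(self, response):
        want = eap_md5_response(self.eap_id, self.challenge)
        return "Access-Accept" if hmac.compare_digest(response, want) else "Access-Reject"

def mirror_pap(password):
    """Send one PAP request to servers A and B; return both verdicts."""
    req_auth = os.urandom(16)
    hidden = pap_hide(password, req_auth)
    return pap_server(hidden, req_auth), pap_server(hidden, req_auth)

def mirror_eap():
    """Mirror an EAP-MD5 exchange; the client only ever sees A's challenge."""
    a, b = EapMd5Server(), EapMd5Server()
    challenge_a = a.start(1)
    b.start(1)                          # B draws a different random challenge
    response = eap_md5_response(1, challenge_a)
    return a.finish(response), b.finish(response)

if __name__ == "__main__":
    print("PAP:    ", mirror_pap(PASSWORD))
    print("EAP-MD5:", mirror_eap())
```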