Virtual Server Pool Problem
Alan DeKok
aland at deployingradius.com
Sun Jun 10 21:58:53 CEST 2012
manny wrote:
> I am attempting to set up a FreeRADIUS server to listen only on one IP
> address, but have two virtual servers.
The documentation says that packets coming from a "listen" section go
to one virtual server. You will need to have multiple "listen" sections.
> At the moment I am testing with
> simple servers, one that accepts and one that rejects. I have a freeradius
> server that is dependent on another server, and want to provide an alternate
> authentication method when the server is down.
What you can do is to put the home servers into a fail-over pool.
Have the proxy fail over from the external home server, to one that you
control.
> home_server_pool my_auth_failover {
> type = fail-over
> home_server = first
> home_server = second
> }
That should work.
>
> This is the result from radtest
<sigh> If you're debugging the server, why are you looking at
radtest, instead of the output of "radiusd -X"? This is documented in
the FAQ, web page, documentation, "man" pages, and daily on this list.
> [root at localhost raddb]# radtest test test123 192.168.100.251 1812 secret
> Sending Access-Request of id 1 to 192.168.100.251 port 1812
> User-Name = "test"
> User-Password = "test123"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host 192.168.100.251 port 1812, id=1,
> length=20
> [root at localhost raddb]#
>
> It is my understanding that once a home_server is dead, it tries the next
> one, but here I see that port 1812 is still used instead of 1822.
You do understand that "radtest" is not a RADIUS server, right?
Radtest will send packets to where *you* tell it to send packets. Here,
you've told it to send packets to port 1812. So it does that.
radtest is *not* FreeRADIUS. Again, look at the debug output of the
*server* to see how the *server* is behaving.
Alan DeKok.
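
The layout discussed in this thread, written out as an added example (not part of the original post and not taken from the FreeRADIUS distribution). It assumes FreeRADIUS 2.x configuration syntax; the address 192.0.2.10, the realm name example.org, the virtual server name "fallback" and both secrets are placeholders chosen for illustration, while the pool name, home server names and port 1822 come from the thread.

```conf
# proxy.conf: the external server is tried first, the locally
# controlled one only once "first" has been marked dead.
home_server first {
	type = auth
	ipaddr = 192.0.2.10        # placeholder: the external home server
	port = 1812
	secret = CHANGE_ME_EXTERNAL
	response_window = 20       # seconds to wait before treating it as unresponsive
	zombie_period = 40         # seconds unresponsive before it is marked dead
	status_check = status-server  # assumes the external server answers Status-Server
	check_interval = 30
	num_answers_to_alive = 3
}

home_server second {
	type = auth
	ipaddr = 127.0.0.1
	port = 1822                # served by the "fallback" virtual server below
	secret = CHANGE_ME_LOCAL   # must match the clients.conf entry for 127.0.0.1
}

home_server_pool my_auth_failover {
	type = fail-over
	home_server = first
	home_server = second
}

realm example.org {            # placeholder realm; matched by the "suffix" module
	auth_pool = my_auth_failover
}

# sites-enabled/fallback: its own "listen" section ties port 1822
# to this virtual server only, bound to loopback so it is not exposed.
server fallback {
	listen {
		type = auth
		ipaddr = 127.0.0.1
		port = 1822
	}
	authorize {
		files
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

Clients keep sending to port 1812 throughout; the switch to port 1822 happens between the proxy and its home servers, so it shows up in the "radiusd -X" output rather than in radtest.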