FreeRADIUS High Availability with AD Integration

A.L.M.Buxey at A.L.M.Buxey at
Mon Mar 30 23:00:33 CEST 2015


> I've a single FreeRADIUS 3 server integrated in a AD domain to provide 802.1x authentication over the air and in the Ethernet cable. It's working perfectly, but I would like to implement an High Availability feature.

okay.... you can either have multiple ntlm_auth's defined in multiple mschap modules and do the
same way as mysql HA - with failover/error redundancy....or
> The question is how to do this? Just install another FreeRADIUS server independently and everything would be fine? 

...use multiple RADIUS servers that are bound into the AD yes.

>Since the supplicants can use two distinct RADIUS servers.

no. the NAS ca use multiple RADIUS servers - the supplicant in the OS hasnt a clue about anything. 
and whilst you can use different RADIUS certs, dont. just use the same cert, signed by the same CA.


More information about the Freeradius-Users mailing list