Redundant best practices

[Alan DeKok]

On May 30, 2023, at 2:23 PM, Adam Taylor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Is there a site/page that has the best practices to setting up a redundant/failover Freeradius server?

  Redundancy and fail-over is often part of the network layer.  e.g. VRRP.  And when you use VRRP, it's independent of the application.  So any VRRP "howto" will work with FreeRADIUS

> I have two set up and they both work independently, but when I add them to my wireless system config as primary/secondary, I get weird EAP session not matching at random times and the client just keeps trying to connect.  Remove the "secondary" Radius entry and everything starts working again.

  It sounds like tour wireless AP is broken.  It should pick one RADIUS server and stick with it.

  But this also highlights the problem with RADIUS clients.  They are often very bad,

>  If I flip the primary to secondary.....the secondary by itself has no more problems.  It only happens if I list two Radius servers.  I have now seen this on two completely different wireless systems, so it has made me want to make sure I am not doing something stupid on the Freeradius side that is causing this.

  Use two RADIUS servers, VRRP, and configure the AP with the VRRP IP address as the RADIUS server.  This lets you control which RADIUS server is up.

  Alan DeKok.