TLS errors and clients sometimes rejected
Alan DeKok
aland at deployingradius.com
Wed Sep 18 12:45:27 UTC 2024
On Sep 18, 2024, at 8:39 AM, Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> It's not one, it's around 400 devices, probably from students. I can't reject them. I will need to keep the old freeradius running then. Is it possible to configure a failover between two radius servers? If the user was rejected by the new one (because of old tls), try the old one?
No.
The only thing you can do is the following:
* run both servers
* the new one is the default server, and does authentication for all new devices
* the new one is also configured as a proxy, to send some packets to the old server
* list the MAC addresses of the broken devices on the proxy (SQL, or "users" file)
* if a request comes in with a matching MAC, proxy it to the old
* the old server only handles the old devices
That should work.
Alan DeKok.
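
A sketch of the setup described in the reply above, added here as an example and not part of the original message or the FreeRADIUS project's own configuration. It assumes FreeRADIUS 3.x syntax on the new server; the realm name `legacy_tls`, the home server names, the address, the secret and the MAC addresses are constructed placeholders.

```conf
# --- proxy.conf on the NEW server (FreeRADIUS 3.x syntax assumed) ---
# Address and secret are placeholders. The old server must also list
# the new server in its clients.conf with the same secret.
home_server old_radius {
	type   = auth
	ipaddr = 192.0.2.10
	port   = 1812
	secret = REPLACE_WITH_SHARED_SECRET
}

home_server_pool old_radius_pool {
	type        = fail-over
	home_server = old_radius
}

# Hypothetical realm name, used only as a proxy target.
realm legacy_tls {
	auth_pool = old_radius_pool
	nostrip
}

# --- mods-config/files/authorize ("users" file) on the NEW server ---
# One entry per broken device (constructed MACs). The value must match
# Calling-Station-Id exactly as the NAS sends it, or as rewritten by
# any normalisation policy that runs before "files".
DEFAULT	Calling-Station-Id == "AA-BB-CC-DD-EE-01", Proxy-To-Realm := "legacy_tls"

DEFAULT	Calling-Station-Id == "AA-BB-CC-DD-EE-02", Proxy-To-Realm := "legacy_tls"

# --- sites-enabled/default on the NEW server ---
authorize {
	# ... existing modules ...

	# Sets control:Proxy-To-Realm for the listed MACs.
	files

	# Keep "eap" after "files" so that listed devices are proxied to
	# the old server instead of starting EAP/TLS on the new one.
	eap

	# ... existing modules ...
}
```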