Using Apache 2.2.9 + mod_auth_xradius with 2 Radius servers fails


 



Hello list,

I've spent a lot of time trying to find a way to use at least 2 Radius
Servers in order to authenticate users in a reverse proxy config. 
I currently use httpd-2.2.9 & mod_auth_xradius-0.4.6. I have tried a lot
of combinations, even with several Radius products (RSA, ActivID, ...) but
to no avail... If I only use one auth server, everything runs fine.

First I wanted to simply use multiple "AuthXRadiusAddServer" lines in my
httpd.conf, as suggested by mod_auth_xradius, but this feature is buggy,
as one can see here :
http://issues.outoforder.cc/view.php?id=43

I also wanted to use multiple providers in the "AuthBasicProvider"
directive, as 2.2's doc suggests.
I've made several tests : 
- if I use "AuthBasicProvider file xradius", the behaviour is as
expected : the user is searched in auth file and if not present Radius
server is queried
- if I use "AuthBasicProvider xradius file", Radius is queried first but
if this fails (server unreachable/not responding), file is never tested.

I also tested almost the same by loading mod_authn_alias and using my
two Radius auth servers :
<AuthnProviderAlias xradius radius1>
...
</AuthnProviderAlias>
<AuthnProviderAlias xradius radius2>
...
</AuthnProviderAlias>
AuthBasicProvider radius1 radius2

But the behaviour was similar to the previous, no redundancy ...

As mod_auth_xradius is supposed to be 2.1+ API compatible, I thought
this should have worked, but in fact this does not seem to be the case
...

The only remaining solutions for me are :
- hack mod_auth_xradius's code to "force" it to work as expected, but as
I am no developer, this is likely to be a very ugly hack ... 
- use a load balancer in front of my radius servers to guarantee high
availability ...

I was wondering if someone has already experienced such problems using
multiple authproviders, with mod_auth_xradius or more generally with
radius auth redundancy and how he managed to solve this.

Thanks a lot for your help.

Emmanuel Bailleul
Security Engineer
Telindus FRANCE
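
Added example, not part of the original post and not code from Apache or mod_auth_xradius: a small C model of how Apache 2.2's mod_auth_basic walks the AuthBasicProvider list, moving to the next provider only when the current one answers AUTH_USER_NOT_FOUND. The provider stubs, user names and passwords are constructed, and treating an unreachable RADIUS server as AUTH_GENERAL_ERROR is an assumption about the module's behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Status names follow Apache 2.2's authn_status enum (mod_auth.h). */
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_FOUND,
               AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;
typedef authn_status (*check_fn)(const char *user, const char *pw);

/* Constructed stand-in for the "file" provider: knows one local user. */
static authn_status file_check(const char *user, const char *pw) {
    if (strcmp(user, "localadmin") != 0) return AUTH_USER_NOT_FOUND;
    return strcmp(pw, "s3cret") == 0 ? AUTH_GRANTED : AUTH_DENIED;
}

/* Constructed stand-in for a reachable RADIUS server. */
static authn_status radius_up_check(const char *user, const char *pw) {
    return (!strcmp(user, "alice") && !strcmp(pw, "otp123"))
           ? AUTH_GRANTED : AUTH_DENIED;
}

/* ASSUMPTION: an unreachable server is reported as a general error,
 * not as "user not found". */
static authn_status radius_down_check(const char *user, const char *pw) {
    (void)user; (void)pw;
    return AUTH_GENERAL_ERROR;
}

/* Model of the provider loop: any answer other than
 * AUTH_USER_NOT_FOUND ends the walk, so later providers are skipped. */
authn_status run_chain(check_fn *providers, int n, const char *user,
                       const char *pw, int *consulted) {
    authn_status res = AUTH_GENERAL_ERROR;
    *consulted = 0;
    for (int i = 0; i < n; i++) {
        res = providers[i](user, pw);
        (*consulted)++;
        if (res != AUTH_USER_NOT_FOUND) break;
    }
    return res;
}

int main(void) {
    check_fn file_then_radius[] = { file_check, radius_up_check };
    check_fn radius_then_file[] = { radius_down_check, file_check };
    int n;
    authn_status r = run_chain(file_then_radius, 2, "alice", "otp123", &n);
    printf("file xradius : status=%d providers consulted=%d\n", r, n);
    r = run_chain(radius_then_file, 2, "localadmin", "s3cret", &n);
    printf("xradius file : status=%d providers consulted=%d\n", r, n);
    return 0;
}
```

Under that assumption, a chain of two RADIUS aliases behaves like "xradius file": the first provider's error ends the walk, so redundancy has to come from inside the RADIUS module or from in front of the servers.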

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.


