Hey Everyone,
I have a FreeRADIUS proxy to proxy RADIUS requests from pam_radius for SSH to an Azure MFA RADIUS box. Everything works fine when the Azure MFA server is working, but when it stops working, no one can log in due to RADIUS failures. I was wondering if anyone knew how to set up the fallback part of a home_server_pool to a virtual server that just responds "Accept". I know this is bad practice, but since the servers are still doing AD Auth through Winbind, I don't feel it is a big issue since the Azure MFA is malfunctioning anyways and losing access is a bigger issue.
This is my current config in the proxy.conf file:
Code:
home_server MFA1 {
    type = auth
    ipaddr = 192.168.1.101
    port = 1812
    proto = udp
    secret = shared-secret1234
    response_window = 60
    response_timeouts = 5
    zombie_period = 60
    revive_interval = 120
    status_check = request
    username = "this_is_a_fake_user"
    password = "this_is_not_real"
    check_interval = 30
    check_timeout = 4
    num_answers_to_alive = 3
    max_outstanding = 65536
    #
    # If ALL home servers are dead, then this "fallback" home server
    # is used. If set, it takes precedence over any realm-based
    # fallback, such as the DEFAULT realm.
    #
    # For reasons of stability, this home server SHOULD be a virtual
    # server. Otherwise, the fallback may itself be dead!
    #
    #fallback = virtual.example.com
}

home_server MFA2 {
    type = auth
    ipaddr = 192.168.1.102
    port = 1812
    proto = udp
    secret = shared-secret1234
    response_window = 60
    response_timeouts = 5
    zombie_period = 60
    revive_interval = 120
    status_check = request
    username = "this_is_a_fake_user"
    password = "this_is_not_real"
    check_interval = 30
    check_timeout = 4
    num_answers_to_alive = 3
    max_outstanding = 65536
    #
    # If ALL home servers are dead, then this "fallback" home server
    # is used. If set, it takes precedence over any realm-based
    # fallback, such as the DEFAULT realm.
    #
    # For reasons of stability, this home server SHOULD be a virtual
    # server. Otherwise, the fallback may itself be dead!
    #
    #fallback = virtual.example.com
}

home_server_pool MFA {
    type = load-balance
    home_server = MFA1
    home_server = MFA2
}

realm DEFAULT {
    auth_pool = MFA
    nostrip
}
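
The fallback wiring that the comment block in the config above describes, as an added example that is not part of the original post. The name `mfa-fallback`, the `sites-enabled/` path and the Reply-Message text are assumptions; in the stock `proxy.conf` the `fallback` entry belongs to the `home_server_pool` section and names a `home_server` that sets `virtual_server`.

```conf
# proxy.conf (added example; "mfa-fallback" is a hypothetical name)

# A home server that is a virtual server inside this same FreeRADIUS
# instance, so it cannot be marked dead the way a remote host can.
home_server mfa-fallback {
    virtual_server = mfa-fallback
}

home_server_pool MFA {
    type = load-balance
    home_server = MFA1
    home_server = MFA2

    # Used only when every home_server listed above is marked dead.
    fallback = mfa-fallback
}

realm DEFAULT {
    auth_pool = MFA
    nostrip
}

# sites-enabled/mfa-fallback (assumed path for the virtual server)
server mfa-fallback {
    authorize {
        # Accept without contacting any upstream server.
        update control {
            Auth-Type := Accept
        }
        # Constructed message: marks replies that came from the
        # fallback so they can be told apart from real MFA accepts
        # in packet captures and detail logs.
        update reply {
            Reply-Message := "MFA unavailable: accepted by fallback"
        }
    }
}
```

With `fallback` set on the pool, the commented-out `#fallback` lines inside the two `home_server` blocks are not needed.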