-
-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple TACACS+/RADIUS servers enhancement #734
Comments
We use https://metacpan.org/pod/Authen::Radius which supports only a single server, as far as I can tell However https://metacpan.org/pod/Authen::TacacsPlus seems to support multiple servers. |
Oh, looks like the RADIUS module can do it too:
|
Works great, had to lower the timeout value (15) otherwise it takes awhile but otherwise great. Cheers! |
Expected Behaviour
Be able to define multiple TACACS/RADIUS servers for failover, servers should be listed as per the LDAP server list and tried in that order. If the server is not available move onto the next in the list.
Documentation for RADIUS only describes the "server" option
https://github.com/netdisco/netdisco/wiki/Configuration#radius
Documentation for LDAP describes the "servers" option
https://github.com/netdisco/netdisco/wiki/Configuration#ldap
Current Behaviour
Currently TACACS/RADIUS options can only use one server which breaks authentication if that server is not available
Possible Solution
Might be possible to reuse the "servers" code from LDAP option but I am unsure if that is a good idea.
Context
Allows for HA of the authentication mechanism when using TACACS/RADIUS auth
The text was updated successfully, but these errors were encountered: