Home / server / Questions / 977677
Accepted
Mikael Dyreborg Hansen
Asked: 2019-08-02 23:07:46 +0800 CST

Behaviour of authentication when using multiple Radius servers on RRAS

  • 772

I've tried looking this up for hours but my google-fu is failing me it seems. The question is rather simple, if I configure multiple Radius servers in RRAS, if they're all ballanced equally, how are requests treated? Say, if the different RADIUS servers only authenticates specific authentication types (one using PEAP where certificates are used for authentication, one is using MSCHAPv2 and yet another uses, lets say smart card). Will the authentication request retry through the list of Radius servers until one succeeds or all fails? Or will it just be hit'n'miss on the first responder? Are all Radius servers in the list have to be configured with the same policies?

vpn

1 Answers

  1. Best Answer

    The preference is based on the RADIUS' Score (basically, the server responsiveness and the initial score)

    Routing and Remote Access uses a scoring mechanism to decide which RADIUS server to use. The score associated with a given RADIUS server is a combination of an initial score [...] and a dynamic score based on the RADIUS server's responsiveness.

    Routing and Remote Access uses the RADIUS server with the highest current score. You can use the Initial score setting to configure the preference order of the RADIUS servers in the list when Routing and Remote Access starts, but the actual order might change over time based on the responses of the RADIUS servers.

    Source: https://docs.microsoft.com/en-us/previous-versions//bb878027(v=technet.10)

    • 1