The Code42 environment is able to utilize multiple RADIUS servers, and a single organization can be configured to use more than one RADIUS server for user authentication. Using multiple RADIUS servers alongside two-factor authentication involves some technical considerations. This article explains the conditions which may cause issues with using multiple RADIUS servers within a single organization.
For a more detailed explanation of how to set up RADIUS in your Code42 environment, see the RADIUS tutorial.
Use multiple RADIUS servers
One organization can be configured to use multiple RADIUS servers for authentication, but be aware of the following conditions on use of multiple RADIUS servers:
- The authority server consults RADIUS servers in the order in which they were added.
- If a user is not found within a RADIUS server, or the user's credentials are rejected, then the authority server will move on to the next RADIUS server.
- When two-factor authentication is used by one or more of the configured RADIUS servers, then the authority server may not cycle through the entire list of RADIUS servers.
- Depending on the particular configuration and RADIUS implementation, a RADIUS server may respond to an incorrect authentication request with an Access-Challenge message rather than an Access-Reject message.
- The authority server only cycles to the next RADIUS server in response to an Access-Reject message.
If you are configuring a single RADIUS server to use two-factor authentication in a multi-RADIUS server environment, then adding this RADIUS server last allows the authority server to cycle through the entire list of RADIUS servers.