IPA does not support multiaddress radius proxy configuration. It is actually a bug that it allowed to enter multiple addresses using web interface. PR https://github.com/freeipa/freeipa/pull/1922 to fix that was created.
The customer has to use different tools to secure RADIUS cluster. I would propose to create a Virtual IP for RADIUS servers and use that IP in IPA configuration.
The VIP can be created an managed by, for example, keepalied daemon. Please check http://www.keepalived.org/ for more details.
Re-opening to track making this a single-value field.
b82af69 Radius proxy multiservers fix
875dfc4 Radius proxy multiservers fix
6b2653d Radius proxy multiservers fix
Execute upstream xmlrpc test for radiusproxy_plugin :
1. install ipa server
2. create symlink to ipa's default.conf
$ ln -s /etc/ipa/default.conf ~/.ipa/default.conf
3. kinit admin
4. convert ca pkcs12 to pem format and place it in ~/.ipa/
$ openssl pkcs12 -in cacert.p12 -out ~/.ipa/ca.crt -nodes
5. execute testsuite
ipa-run-tests -v -r a --logging-level=DEBUG test_xmlrpc/test_radiusproxy_plugin.py
test_xmlrpc/test_radiusproxy_plugin.py::test_raduisproxy::test_command[0003: radiusproxy_add: Try to add multiple radius proxy server u'testradius'] <- xmlrpc_test.py [ipalib.rpc] [try 1]: Forwarding 'radiusproxy_add/1' to json server 'https://master.testrelm.test/ipa/json'
Full console logs with all test cases are provided.
All tests are passing, hence marking bug as verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.