How can I configure such a way that , for the administration users to authenticate with RADIUS servers with their respective credentials and when the Radius server down admin user should be able to authenticate local database . How can I achieve this using a single signing page ? . Or if there is any best way to use local databases as backup authentication server when external auth server fails or network failure ? . Appreciate the inputs and thoughts
If you want to seperate "admin' users from "normal" users you could prox the realm they are in to a backend radius server, you can do this by proxying that specific realm from the "normal" users radius server to a backend server.
I have seen a freeradius plugin some years ago that can check users against a tacacs server. So you should be able to use tacacs as the backend of the freeradius server and can maintain one database. Never tried it myself!!