To reproduce (tested on OPNsene 24.7.9_1 and Windows NPS):
- Configure a pair of OPNsense hosts in HA and set "Auth Servers" to sync in System: High Availability: Settings
- Configure a RADIUS server in System: Access: Servers
- Configure a RADIUS server and add both OPNsense hosts as clients
- Synchronise config to backup in System: High Availability: Status
- Attempt to log into configuration master with a RADIUS account, then into the peer
Result:
The RADIUS logs will show two login attempts, one from each client, and both with identical NAS Identifier. Even if the first login attempt is successful, the second one will fail due to the duplicated NAS ID.
Expected Result:
If I use HA/XMLRPC sync to keep my Authentication Server settings synchronised between two hosts, the NAS ID should not be copied.
Recommended Change:
The second peer should have some mechanism to generate its own unique NAS ID if a RADIUS server is created by XMLRPC sync.