System login
When a user attempts to login into the system, the local user database is always consulted first.
If a corresponding account is found, the user is logged in to the system.
If the account is not found in the local DB and if Radius is enabled, a Radius Access Request is performed.
If Radius responds with an Access Accept message, the user is logged in to the system.
Access accounting
After a successful login, an accounting record is always created in the local database.
Even Radius-based logins are accounted in the local DB.
If Radius is enabled, an Radius Accounting Request is performed. The failure of Radius accounting is not considered as an error.
This means a user will be allowed to log-in, even if Radius accounting fails.
This is done because even logins using the local database are accounted against Radius (if Radius is enabled).
If Unimus didn't allow login after Radius accounting failed, system access would not be possible in case of Radius failure.
An accounting record in the local DB is always created, so this mechanism does not compromise the auditability of the system access.