So I have the following scenario: Several OpenWrt (23.05) routers used as access points and VPN gateways on a network using Active Directory. The Wi-Fi uses WPA2-Enterprise with Microsoft's Network Policy Server as the RADIUS server for authentication. The access points on each site use the RADIUS server on the domain controller in the local site (all sites have at least one domain controller). All RADIUS servers remain in sync due to Active Directory replication.
The main problem is that remote sites don't have 24/7 IT services, and if a domain controller crashes, it might take up to a couple of days to bring it back up. Since all sites are connected via site-to-site VPNs, workstations fall back to domain controllers in remote sites for login.
Unfortunately, in the case of the Wi-Fi, it completely disrupts operation until I reconfigure the access point to use a different RADIUS server.
Is there any way to configure OpenWrt to have a fallback RADIUS server in case the primary one does not respond?