https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23710#M17277 <HTML><HEAD></HEAD><BODY><P>Hi There,</P><P></P><P>Currently, in PAN-OS 3.x.x, alternative authentication servers are used only if the primary fails.&nbsp; PAN-OS 4.0 introduces the ability to chain authentication servers.</P><P>In the mean time, you would need to configure two SSL portals and have the local users go to one and the LDAP to the other.</P><P></P><P>Best Regards</P><P>James</P></BODY></HTML> Mon, 06 Dec 2010 09:27:18 GMT James 2010-12-06T09:27:18Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23709#M17276 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>I've got an SSL VPN setup and working fine on my PA firewalls, using LDAP plugged into my AD for authentication.</P><P></P><P>I want to be able to authenticate LOCAL firewall users against this VPN configuration as well as LDAP useds.</P><P></P><P>Is this possible? I tried just adding the local users into the "allow" list but they wouldn't authenticate - kept giving an unknown user/password error.</P><P></P><P>If it's possible, what's the trick to making this work?</P><P></P><P>Thanks.</P></BODY></HTML> Mon, 06 Dec 2010 03:44:58 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23709#M17276 dagibbs 2010-12-06T03:44:58Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23710#M17277 <HTML><HEAD></HEAD><BODY><P>Hi There,</P><P></P><P>Currently, in PAN-OS 3.x.x, alternative authentication servers are used only if the primary fails.&nbsp; PAN-OS 4.0 introduces the ability to chain authentication servers.</P><P>In the mean time, you would need to configure two SSL portals and have the local users go to one and the LDAP to the other.</P><P></P><P>Best Regards</P><P>James</P></BODY></HTML> Mon, 06 Dec 2010 09:27:18 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23710#M17277 James 2010-12-06T09:27:18Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23711#M17278 <HTML><HEAD></HEAD><BODY><P>James.</P><P></P><P>Thanks for that - it's easier to just add users to AD on a restricted basis and stick them intot he existing LDAP authentication profile than to hassle with another SSL portal. I'll just live with that.</P><P></P><P>Cheers.</P></BODY></HTML> Mon, 06 Dec 2010 23:20:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-and-mixed-authentication/m-p/23711#M17278 dagibbs 2010-12-06T23:20:26Z