I configured Client Authentication Sequence for both GlobalProtect Portal and Gateway for both LDAP and local database. For some reason, only the first item in the list works. It does not seem to try the rest of the sequences in the list. If LDAP is first in the list, then LDAP authentication works but not Local database. If Local databse is first in the list, then local database authentication works but not LDAP authentication. What could be causing this? This is 9.0 version.
Auth sequence is simply a list of possible auth services. It will run down the list until one is accepted.
it is not designed for MFA.
you could look into Globalprotect MFA, there are plenty of links available, i use cert and Ldap.
you could just have local for portal and ldap for gateway.
although this could be less secure if portal is down and client uses cached gateway address.
Not trying to do multiple factor authentication. I simply want to two different methods of login in. Use either local database or LDAP. It suppose to take the login name and password and try each of the method in sequence until one login right?
Yes that is what should happen, sorry for the confusion, i thought you were trying to use 2 logins...
Does it say in monitor/system that it failed on just the first, i can try this on my test boxes tomorrow
i have ldap server 1, ldap server 2 and local database in my sequence.
i can login with either my local account or my ldap account so not sure whats going wrong for you.
i did confirm the sequence was working with monitor/packet capture to see a request going to all servers.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!