Authentication Fallback

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authentication Fallback

Not applicable

Hello,

So, we currently authenticate administrators to our PA's via Radius (TACACS).  Is there a way to configure the PA's that it will only use the local DB / Administrators if Radius isn't available? 

Thanks!

6 REPLIES 6

L0 Member

I'm curious if anyone have come up with a solution to this as we have the same requirement.

 

I'm also thinking, if we create the same credentials on our radius as with the local db but the radius profile has less priviledge (almost no priviledges). Then if the auth sequence is radius1 & radius2 (for redundancy), then as long as both radius are available, then said local db credentials (superadmin) won't be used correct? Correct me if I'm understanding it wrong.

FYI the docs may be wrong on this one, and the solution may work the way that @jseals  mentioned.  We authenticate VPN users against radius, and only if the radius servers are down should the local user database be used as a fallback.  In the Portal -> Authentication config, if the Radius auth is ordered first and the servers are responding, then the local user database is never checked.  Similarly, if the Local Database is ordered first, then auth will check the local database, and Radius is never checked (so putting anything after Local Database seems useless).  So we placed Radius first and Local Database second.

Not exactly the scenario that was mentioned above in the post, just a data point.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!