12-05-2010 07:44 PM
Hi.
I've got an SSL VPN setup and working fine on my PA firewalls, using LDAP plugged into my AD for authentication.
I want to be able to authenticate LOCAL firewall users against this VPN configuration as well as LDAP useds.
Is this possible? I tried just adding the local users into the "allow" list but they wouldn't authenticate - kept giving an unknown user/password error.
If it's possible, what's the trick to making this work?
Thanks.
12-06-2010 01:27 AM
Hi There,
Currently, in PAN-OS 3.x.x, alternative authentication servers are used only if the primary fails. PAN-OS 4.0 introduces the ability to chain authentication servers.
In the mean time, you would need to configure two SSL portals and have the local users go to one and the LDAP to the other.
Best Regards
James
12-06-2010 01:27 AM
Hi There,
Currently, in PAN-OS 3.x.x, alternative authentication servers are used only if the primary fails. PAN-OS 4.0 introduces the ability to chain authentication servers.
In the mean time, you would need to configure two SSL portals and have the local users go to one and the LDAP to the other.
Best Regards
James
12-06-2010 03:20 PM
James.
Thanks for that - it's easier to just add users to AD on a restricted basis and stick them intot he existing LDAP authentication profile than to hassle with another SSL portal. I'll just live with that.
Cheers.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
