cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Multiple Login Options - RADIUS

Hello,


Hoping the community can help me with an issue I'm trying to solve. Our customer is trying to migrate away from one RADIUS based solution to another RADIUS based solution, doing so incrementally. They mentioned "Multiple Login Options" which seems to do what we want to do.

I setup Multiple Login Options as per the guide (this is for R80.10 with a client supported for the multiple login options) with two profiles, both RADIUS but pointing towards different RADIUS servers. This all looks correct, but it does not work - when using the MLO settings the authentication fails with "Failed to generate RADIUS auth request" but works fine when we use the legacy authentication settings. When attempting to use the MLO options the RADIUS server is not contacted at all.

My question here is thus:

1. Can anyone else think of a way to migrate away (in a staged manner) from one RADIUS based authentication solution to another other than what's suggested above?

2. I believe my configuration may not be setup correctly, but it is as far as I can tell as per the documentation. How does the firewall handle authentciation when using third party auth? (I was of the understanding both user and password were sent to the RADIUS server, but I don't think this is happening) I understand the old fashioned way of doings but this appears to be different.

3. Is MLO designed to work with profiles where each one points to different authentication servers using the same protocol? (I can see it being aimed more towards customers that use a mix of AD and say RSA SecurID tokens)

Any help appreciated.

Thanks

Daniel

3 Replies
Admin
Admin

Re: Multiple Login Options - RADIUS

I think Multiple Login Options is meant to support two different types of authentication, not two types of the same authentication.

But just in case, does this older SK apply? FireWall-1 drops FTP Server usernames with @ symbol 

0 Kudos

Re: Multiple Login Options - RADIUS

I had thought as much, but couldn't find much out about "proper" deployment.

Yeah, support had mentioned that to me - but there's no @ in the username, plus with the age of the article I thought it might not be relevant.

0 Kudos
Admin
Admin

Re: Multiple Login Options - RADIUS

It refers to the FTP Security Server, which no one should be using at this point Smiley Happy

0 Kudos