Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Patrick_Lajda
Explorer

local authentication only if RADIUS is not reachable

Jump to solution

Hi,

is there any way to enable local authenticaion (i.e. admin user) only if the RADIUS servers is not reachable? That way only RADIUS users can authenticate on the firewall. If a network outage occurs (and RADIUS servers aren't reachable) the admin user could be used as fallback.

BR,
Patrick

1 Solution

Accepted Solutions
4 Replies
PhoneBoy
Admin
Admin
MR_K
Participant

Hi,

That is exactly what I was looking for, thanks!

Just one thing:

The file states at the beginning:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

And timestamps of the file shows that it was modified around the last power-up.

Is there a way to persist the setting?

BR Marcus

0 Kudos
PhoneBoy
Admin
Admin

You'd have to set the immutable flag on the file (using chmod +i).

This will cause the file to not be overwritten.

To modify the file further, you will have to unset the immutable flag. 

0 Kudos
genisis__
Advisor

Hi Dameon,

We have a similar requirement, and want to clarify something (or I can raise a TAC case).

- We are using TACACS authentication, but sk105320 only refers to RADIUS, additionally this SK has not been updated since R80.20  (We are running R81.x), how is this done for TACACS?

- Our requirement is to have the fall-back position at the application level ie. Smartconsole login and not via GAIA OS; does the procedure achieve this or is the SK related to GAIA OS only or both?

Update:

I logged a TAC case Sept 9th.  To-date there has been zero progress on this!