Multiple Login Options - RADIUS

Question asked by Daniel Collins on Oct 3, 2018
Hoping the community can help me with an issue I'm trying to solve. Our customer is trying to migrate away from one RADIUS-based solution to another RADIUS-based solution, doing so incrementally. They mentioned "Multiple Login Options" which seems to do what we want to do.


I set up Multiple Login Options as per the guide (this is for R80.10 with a client supported for the multiple login options) with two profiles, both RADIUS but pointing towards different RADIUS servers. This all looks correct, but it does not work - when using the MLO settings the authentication fails with "Failed to generate RADIUS auth request" but works fine when we use the legacy authentication settings. When attempting to use the MLO options the RADIUS server is not contacted at all.


My question here is thus:


1. Can anyone else think of a way to migrate away (in a staged manner) from one RADIUS-based authentication solution to another other than what's suggested above?

2. I believe my configuration may not be set up correctly, but it is as far as I can tell as per the documentation. How does the firewall handle authentication when using third-party auth? (I was of the understanding both user and password were sent to the RADIUS server, but I don't think this is happening.) I understand the old-fashioned way of doing things but this appears to be different.

3. Is MLO designed to work with profiles where each one points to different authentication servers using the same protocol? (I can see it being aimed more towards customers that use a mix of AD and say RSA SecurID tokens)


Any help appreciated.