Cascading AD Authentication fails

Question

I have two AD authenticators (on a BIP-IP Edge Gateway 10.2.1) - Ext-AD-Auth and Int-AD-Auth. If a user is not in Ext-AD, I want to be able to test against Int-AD.&nbsp;
&nbsp;If a user can successfully log in to Ext-AD, then the VPN is established. But if the user is not in the first AD tree, I want the Int-AD-Auth event to fire.&nbsp;
&nbsp;But when the user is not in the AD, I get &nbsp;
&nbsp;Authentication with 'username' failed in krb5_get_init_creds_password(): Client 'username@ext.domain.com' not found in Kerberos database, principal name: username@EXT.DOMAIN.COM. Please verify Active Directory and DNS configuration. (-1765328378)&nbsp;
&nbsp;and "bad username /password" gets displayed at the login screen.&nbsp;
&nbsp;Is there some way I can get the next step to fire the Int-AD-Auth through the fallback leg?&nbsp;
&nbsp;Thanks&nbsp;&nbsp;

mandrake · Answer

Hi, 
&nbsp;  
&nbsp; Anybody got lucky with above ? 
&nbsp;  
&nbsp; THx

Forum Discussion

Cascading AD Authentication fails

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Cascading Configs Tool for F5 Distributed Cloud Managed Service Provider (MSP) and Delegated Access Customers

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

iControl REST Authentication Token Management

Application Programming Interface (API) Authentication types simplified

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS