Forum Discussion

worf359_98967
Aug 17, 2011

Cascading AD Authentication fails

I have two AD authenticators (on a BIG-IP Edge Gateway 10.2.1) - Ext-AD-Auth and Int-AD-Auth. If a user is not in Ext-AD, I want to be able to test against Int-AD.

If a user can successfully log in to Ext-AD, then the VPN is established. But if the user is not in the first AD tree, I want the Int-AD-Auth event to fire.

But when the user is not in the AD, I get

Authentication with 'username' failed in krb5_get_init_creds_password(): Client '' not found in Kerberos database, principal name: username@EXT.DOMAIN.COM. Please verify Active Directory and DNS configuration. (-1765328378)

and "bad username /password" gets displayed at the login screen.

Is there some way I can get the next step to fire the Int-AD-Auth through the fallback leg?