Forum Discussion
Michael_Levinso
Nimbostratus
Aug 16, 2007
Firepass Using AD for Groups and Radius (RSA)
Hello All:
We are currently using Firepass v6.0.1 fp4 and have a situation which has us up against a wall. We have a situation where we are using Active Directory and Radius (RSA). So the situation is as follows. An end user with a company laptop goes to log in to Firepass. They log in with their username, they enter their Radius information (PIN & Token) on the 2nd line and AD password on the 3rd line (for SSO). The whole and only reason we are using Radius (RSA) is to protect the Network Connect function. No Token = No Network Connect link. The end user has the ability for less access by only entering username and domain password.

The issue here is that when a user goes to log in to the Firepass and enters token information and AD, the Firepass will place the end user in the Radius Master Group instead of an AD master group. This is a large challenge and is not what we are trying to accomplish.

This configuration is also causing problems when an end user's AD password expires. In this situation the Firepass will still attempt to send password information to the Radius server to auth even when you are trying to change your password. The change password screen also creates confusion for the end user, as it will display the Radius box, the domain box and then two additional boxes for the password change. If the end user is only attempting to change their domain password, they enter their OLD domain password in the Radius box, then enter the new password in the new password box. Once that is completed the end user then gets a webtop, with no SSO capabilities at that point. That also creates a bad end user experience. Further, the end user experience when a password is wrong or Radius is wrong is tough to understand. The Firepass does not tell the end user which of their credentials are incorrect, and this can result in locked out accounts in both Radius and AD.

My search here is: does anyone else use both Radius or RSA and Active Directory together in end user authentication? How are you handling the situation I mention above?
Michael Levinson
CNA Insurance
1 Reply
- matt_64003
Cirrus
Michael: