Forum Discussion
Michael_Levinso
Nimbostratus
NimbostratusFirepass Using AD for Groups and Radius (RSA)
Hello All:
We are currently using Firepass v6.0.1 fp4 and have a situation which has us up against a wall. We have a situation where we are using Active Directory and Radius (RSA). So the ...
matt_64003
Cirrus
CirrusMichael:
Can't you just set the AD group mapping in your Master group mapping table to have a higher priority than RADIUS group mapping?
The secondary AD authentication is a nice feature but it could use some work. Here are some of the gripes I have:
1)You should be able to enable it by group instead of globally. This way you could have secondary AD auth only if a user comes in on a specific virtual host or has a certain session variable (endpoint check). Right now, the user is given a second password prompt even if it is disabled in the Master Group Authentication settings. If you have a group that uses AD-only authentication the user has to enter the AD password twice - once to log into FirePass and again to be used for SSO.
2)If one of your passwords fails you have no idea which one. This has been causing some pain with our users - locked accounts, etc.
3)When your AD password expires, you have to perform RADIUS authentication before you can change your AD password.
Matt
