Users randomly rejected when no connection with remote domain controllers

Alan DeKok aland at deployingradius.com
Thu Sep 5 22:50:26 UTC 2024


On Sep 4, 2024, at 10:23 AM, Rodrigo Abrantes Antunes <rodrigoantunes at ifsul.edu.br> wrote:
> My institution has multiple AD domain controllers, one for each campus, all
> of them respond for the same domain and connect to each other through the
> internet using a VPN.
> 
> One of the servers is located in my campus and FreeRADIUS authenticates
> directly against this server.
> 
> When the VPN is up, everything works as it should, but when the VPN is down,
> users sometimes can't authenticate.

  The domain controllers are giving LDAP referrals to systems on the other side of the VPN.  When the VPN is down, those systems are unreachable.

> Any ideas of what might be happening?

  You need to reconfigure the local Active Directory servers to have copies of all of the relevant information, so that they don't give referrals to machines across the VPN.  This usually means making the local AD server a global catalog server.

  That's all Active Directory magic which I try hard to avoid, so I don't have much advice other than that.

  Alan DeKok.
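To confirm the referral explanation before touching the AD topology, the following check is an added example, not code from this thread or from the FreeRADIUS project. It relies on a documented property of OpenLDAP's ldapsearch: unless -C is given it does not follow referrals, and it prints each search-result reference as a comment line of the form `# refldap://host/DC=...`. The script extracts those hosts, so a subtree search against the local DC shows exactly which machines it would hand a client off to. The hostnames, bind DN and the sample ldapsearch output below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread or the FreeRADIUS project.
# Lists the hosts an AD domain controller refers LDAP clients to, using the
# OpenLDAP command-line client.  Without -C, ldapsearch does not chase
# referrals; each search-result reference is printed as a comment line:
#   # refldap://host[:port]/DC=...
# Every host printed here must be reachable from the RADIUS server, or a
# search that lands on that partition hangs or fails once the VPN is down.

# Read ldapsearch output on stdin, print one referral host[:port] per line.
# Step 1 drops every line that is not a referral comment, step 2 strips the
# "# refldap://" (or "# refldaps://") prefix, step 3 strips the DN path.
referral_hosts() {
    sed -n -e '/^# ref[a-z]*:\/\//!d' \
           -e 's|^# ref[a-z]*://||' \
           -e 's|/.*||' \
           -e p
}

# Number of referral lines in ldapsearch output on stdin (0 = no referrals).
referral_count() {
    referral_hosts | wc -l | tr -d ' '
}

# Run the real check against a DC.  Arguments (all placeholders here):
#   $1 = LDAP URI, $2 = search base, $3 = bind DN; the password is prompted.
# Compare ldap://dc1.campus.example.edu (port 389) with
# ldap://dc1.campus.example.edu:3268 (the global catalog port): a GC holds a
# partial replica of every partition in the forest and so should emit no
# continuation references for a forest-wide search.
dc_referral_check() {
    ldapsearch -o ldif-wrap=no -x -H "$1" -D "$3" -W \
        -b "$2" -s sub '(objectClass=user)' dn | referral_hosts | sort -u
}

# Constructed sample of what a non-GC DC returns for a subtree search of the
# domain root: two continuation references, one pointing at a DC on the far
# side of the VPN.
SAMPLE_OUTPUT='dn: CN=Some User,OU=Staff,DC=example,DC=edu

# refldap://DomainDnsZones.example.edu/DC=DomainDnsZones,DC=example,DC=edu

# refldap://dc-othercampus.example.edu/DC=child,DC=example,DC=edu

# search result
search: 2
result: 0 Success'

# Demo on the constructed sample; prints the two referral hosts.
printf '%s\n' "$SAMPLE_OUTPUT" | referral_hosts
```

If the local DC prints any host that is only reachable over the VPN, Alan's diagnosis holds. Independently of the AD-side fix, rlm_ldap has a `chase_referrals` setting in the `options` section of `mods-available/ldap`; setting it to `no` stops FreeRADIUS from following referrals at all, which turns a hang into a clean "not found" but does not make users on the remote partition authenticate. Only a local replica (a global catalog, as suggested above) fixes the lookup itself.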


