Users randomly rejected when no connection with remote domain controllers
Rodrigo Abrantes Antunes
rodrigoantunes at pelotas.ifsul.edu.br
Fri Sep 6 12:42:51 UTC 2024
Quoting Alan DeKok <aland at deployingradius.com>:
> The domain controllers are giving LDAP referrals to systems on the
> other side of the VPN. When the VPN is down, those systems are
> unreachable.
Wouldn't this prevent the users from authenticating at all when the VPN is
down? Most of the time they can authenticate, but sometimes they are
rejected in a batch and then can authenticate again.
> You need to reconfigure the local Active Directory servers to have
> copies of all of the relevant information, so that they don't give
> referrals to machines across the VPN. This usually means making the
> local AD server a global catalog server.
I am not the domain admin. All the campuses have the same AD server
configuration as mine; the main campus IT staff gave us these servers
already configured and we can't even log in to them.
One thing to mention is that other campuses use NPS or ISE as NAC and
don't have this problem when the VPN is down.
My campus is the only one using FreeRADIUS, that's why I thought that
this could be a configuration error in my FreeRADIUS.
Thanks.