https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-08-20T08:27:27ZpfSense bugtrackerpfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=475342020-08-20T08:27:27ZJim Pingle
<ul><li><strong>Category</strong> set to <i>Authentication</i></li></ul> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=583192022-01-13T07:21:50ZJim Pingle
<ul><li><strong>Has duplicate</strong> <i><a class="issue tracker-2 status-11 priority-4 priority-default closed" href="/issues/12682">Feature #12682</a>: RADIUS authentication fallback for pfSense GUI</i> added</li></ul> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=583202022-01-13T07:22:16ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>RFE: Allow user manager settings to specify multiple authentication servers</i> to <i>Allow user manager settings to specify multiple authentication servers</i></li></ul> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=674472023-05-15T10:24:11ZDenis Grilli
<ul></ul><p>Just here to push this up. This feature would be very useful on enterprise environments.</p> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=707052023-11-07T22:23:57ZRyan Whitlock
<ul></ul><p>Denis Grilli wrote in <a href="#note-4">#note-4</a>:</p>
<blockquote>
<p>Just here to push this up. This feature would be very useful on enterprise environments.</p>
</blockquote>
<p>I concur! Please make this a higher priority.</p> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=721992024-02-13T16:16:34ZChris Linstruth
<ul></ul><p>This feature should also include the ability to define specific failover behavior if the configured authentication servers are either unreachable or return auth failures.</p> pfSense - Feature #10843: Allow user manager settings to specify multiple authentication servershttps://redmine.pfsense.org/issues/10843?journal_id=722002024-02-13T16:33:11ZJim Pingle
<ul></ul><p>I've been thinking about this a bit lately since we've added something similar in the upcoming TNSR release.</p>
<p>Like there, we could have a way to define "server groups" and then rather than offering a list of all auth servers, we offer the groups where users can now select servers. Inside each group you could only list the servers you want to use and the order in which they should be queried.</p>
<p>And then for example GUI/system auth you'd pick it by group, same with OpenVPN server auth, IPsec user auth, etc.</p>
<p>Chris Linstruth wrote in <a href="#note-6">#note-6</a>:</p>
<blockquote>
<p>This feature should also include the ability to define specific failover behavior if the configured authentication servers are either unreachable or return auth failures.</p>
</blockquote>
<p>For local auth this could happen naturally if the auth server groups had individual entries for each server plus "Local" and then you could set a group to only include remote servers and <em>not</em> the local auth, which would then be excluded.</p>
<p>But beyond that it would also be helpful to have a choice between "use the next server on any failure" vs "use the next server only if the first is unreachable" so users can consider an auth failure a failure at any point.</p>