[IAG] When AD domain password authentication and local password authentication are used at the same time, password authentication reports that the password is wrong
Problem Description
AD domain password authentication and local password authentication are used at the same time. When the LDAP server is placed first, local authentication fails; when the local server is placed first, domain authentication fails.
Process
- Check the configuration remotely and find that two authentication policies are configured.
- The network segments configured for the two authentication policies are the same. One selects local users, and the other selects domain users.
- Confirm that the authentication servers in the two authentication policies are a local server in one and a domain server in the other.
- Note that authentication policies are matched from top to bottom. The first authentication policy already includes all user network segments, so every user matches it and can only be checked against that policy's authentication server.
- To solve the problem, select both the local authentication server and the domain server in the first authentication policy.
Root cause
The authentication policy does not have both local users and domain servers selected.
Solution
In the same authentication policy, select both local users and domain servers.
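The top-down matching described in the Process steps can be modelled as below, together with a check that flags a policy that can never be reached. This is an added example, not Sangfor code or the IAG configuration format: the policy layout, the 192.168.0.0/16 segment, the user and server names and the function names are all constructed, and the password check is reduced to an account lookup on each server.

```python
import ipaddress

# Constructed sample data; the dict layout is hypothetical, not the IAG format.
DIRECTORIES = {"local": {"alice"}, "ad-domain": {"bob"}}
BROKEN = [  # two policies on the same segment, one server each
    {"name": "policy-local", "segments": ["192.168.0.0/16"], "servers": ["local"]},
    {"name": "policy-domain", "segments": ["192.168.0.0/16"], "servers": ["ad-domain"]},
]
FIXED = [  # one policy with both servers selected
    {"name": "policy-all", "segments": ["192.168.0.0/16"],
     "servers": ["local", "ad-domain"]},
]

def match_policy(policies, client_ip):
    """Return the first policy, top to bottom, whose segment contains the client."""
    ip = ipaddress.ip_address(client_ip)
    for policy in policies:
        if any(ip in ipaddress.ip_network(seg) for seg in policy["segments"]):
            return policy
    return None

def authenticate(policies, client_ip, user, directories=DIRECTORIES):
    """Look the user up only on the servers of the first matching policy."""
    policy = match_policy(policies, client_ip)
    if policy is None:
        return False
    return any(user in directories[srv] for srv in policy["servers"])

def shadowed(policies):
    """Names of policies whose every segment lies inside one earlier segment."""
    names = []
    for i, policy in enumerate(policies):
        earlier = [ipaddress.ip_network(s) for p in policies[:i] for s in p["segments"]]
        segs = [ipaddress.ip_network(s) for s in policy["segments"]]
        if segs and all(any(s.version == e.version and s.subnet_of(e)
                            for e in earlier) for s in segs):
            names.append(policy["name"])
    return names

if __name__ == "__main__":
    for label, policies in (("broken", BROKEN), ("fixed", FIXED)):
        results = {u: authenticate(policies, "192.168.10.5", u) for u in ("alice", "bob")}
        print(label, results, "shadowed:", shadowed(policies))
```

Reversing the order of the two policies in `BROKEN` swaps which account fails, which matches the symptom in the problem description.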
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6200&isOpen=true