Authentication -> What happens if AD is not available?



  • Hi Guys,

    Quick question: if we select an Active Directory server as the main authentication server for a pfSense box, what happens if the AD server is unavailable for whatever reason? Would we be locked out, or would it try and authenticate with the Local Database?

    I did some digging but couldn't find a clear answer.

    Thanks,
    ehuk.



  • @ehuk:

    Quick question: if we select an Active Directory server as the main authentication server for a pfSense box, what happens if the AD server is unavailable for whatever reason? Would we be locked out, or would it try and authenticate with the Local Database?

    It falls back to the Local Database. In fact, the Local Database is always active. If you log in with credentials not valid for the AD, pfSense will retry the same login with a local account instead.

    Keep the local admin account and give it a strong password. Then you can always log in regardless of AD connectivity. Also, you need a local account to do syncing between firewalls and ssh logins to the firewalls.

    Lars