Currently I am using the local database for authentication on my pfSense. I know that Cisco's IOS has backup authentication methods for cases when the primary one fails. You can even skip authentication entirely if all servers fail. I want to use the AD user base to organize user control, but here is my question: what will happen when AD fails? Can pfSense jump to the local database?
1 Answer
0
By default, pfSense will try a local account – after a long delay until the connection times out.
(There were fixes regarding this in 2.4-git, but in current release versions everything will be slow.)
user1686
- Thanks, any idea how long "long" means? – Edik Mkoyan Feb 06 '17 at 09:46
- I think somewhere around 15/30/60 seconds if the server is down (not responding). – user1686 Feb 06 '17 at 12:19
- You can set the timeout in the configuration. It has been reduced to 5 seconds by default in one of the 2.3.x releases. – Daniel Nachtrub Mar 04 '17 at 13:45