Symantec Privileged Access Management

Multiple LDAP user records with the same RADIUS login name

  • 1.  Multiple LDAP user records with the same RADIUS login name

    Posted 03-22-2019 12:05 PM

    We have an important client whose LDAP users and RADIUS users have the same LDAP login. The documentation says:

    Important

    During RADIUS authentication, if multiple user records are found with the same RADIUS login name, the login process is blocked and deactivates all those users. An administrator explicitly enables one of these users.

    When importing LDAP users with RADIUS authentication, all these LDAP RADIUS users are deactivated when either of the following conditions exists:

    • If multiple LDAP users have the same RADIUS login name
    • If any of the LDAP user login names match an existing RADIUS user in the appliance.

    Does this mean that in this case it is not possible to integrate RADIUS with the customer's CA PAM?

    Please share your comments!

    Thank you!

    Adolfo.



  • 2.  Re: Multiple LDAP user records with the same RADIUS login name

    Broadcom Employee
    Posted 03-25-2019 08:11 AM

    Hello Adolfo,

    In PAM, an LDAP+RADIUS user's User Name maps to the User Principal Name property of the user in LDAP.

    This property is unique across the whole directory tree.

     

    Normally you should not encounter the initially described situation.
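
Added example, not part of the thread and not Broadcom code: a pre-import check for the two deactivation conditions quoted in the first post, taking the login name from userPrincipalName as the reply describes. The sample records (constructed as if exported from two separate directories), the function names and the case-insensitive comparison are assumptions.

```python
from collections import defaultdict

# Constructed sample data: (distinguished name, userPrincipalName) pairs as they
# might appear in LDAP exports, plus RADIUS user names already on the appliance.
LDAP_USERS = [
    ("CN=Ana Ruiz,OU=Ops,DC=corp,DC=example", "aruiz@corp.example"),
    ("CN=A Ruiz,OU=Dev,DC=lab,DC=example", "ARuiz@corp.example"),
    ("CN=Ben Ode,OU=Ops,DC=corp,DC=example", "bode@corp.example"),
    ("CN=Cy Lee,OU=Ops,DC=corp,DC=example", "clee@corp.example"),
]
EXISTING_RADIUS_USERS = ["clee@corp.example", "dkim@corp.example"]


def normalize(name):
    # Assumption: names are compared case-insensitively, ignoring outer spaces.
    return name.strip().casefold()


def find_conflicts(ldap_users, existing_radius_users):
    """Return (duplicates, clashes) for the two documented conditions.

    duplicates: login name -> DNs, where several LDAP records share the name
    clashes:    login name -> DNs, where the name matches an existing RADIUS user
    """
    by_login = defaultdict(list)
    for dn, upn in ldap_users:
        by_login[normalize(upn)].append(dn)
    existing = {normalize(n) for n in existing_radius_users}
    duplicates = {n: dns for n, dns in by_login.items() if len(dns) > 1}
    clashes = {n: dns for n, dns in by_login.items() if n in existing}
    return duplicates, clashes


if __name__ == "__main__":
    dups, clashes = find_conflicts(LDAP_USERS, EXISTING_RADIUS_USERS)
    for name, dns in dups.items():
        print(f"duplicate login name {name}: {dns}")
    for name, dns in clashes.items():
        print(f"matches existing RADIUS user {name}: {dns}")
```

Resolving every name reported here before the import avoids the bulk deactivation the documentation describes.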