Cascading multiple external authentication servers provides a continuous, reliable process for authenticating and authorizing external users. If authentication fails on the first authentication server, the NetScaler SDX Management Service attempts to authenticate the user by using the second external authentication server, and so on.
To enable cascading authentication, you must first add the external authentication servers to the Management Service. For more information, see Configuring External Authentication. You can add servers of any supported type (RADIUS, LDAP, and TACACS). For example, if you want to add four external authentication servers for cascading authentication, you can add two RADIUS servers, one LDAP server, and one TACACS server, or four servers of the same type. You can configure up to 32 external authentication servers in NetScaler MAS.
To cascade external authentication servers:
- On the Configuration tab, under System, expand Authentication.
- On the Authentication page, click Authentication Configuration.
- On the Authentication Configuration page, select EXTERNAL from the Server Type drop-down list (you can cascade only external servers).
- Click Insert, and on the External Servers page that opens, select one or more authentication servers that you want to cascade.
- Click OK.
The selected servers are displayed on the Authentication Servers page as shown in the figure below. You can specify the order of authentication by using the icon next to a server name to move the server up or down in the list.
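The following Python model is an added illustration of the cascade order described above; it is not NetScaler code and calls no NetScaler API. The server names, accounts, and passwords are constructed, and the model assumes every kind of failure moves on to the next server, since the page does not distinguish a rejection from an unreachable server. It shows why list order and every member of the list matter: credentials the first server rejects are still accepted if a later server holds a matching account.

```python
# Added illustration: a model of the cascade described above, not NetScaler code.
from dataclasses import dataclass

SUPPORTED_TYPES = {"RADIUS", "LDAP", "TACACS"}   # types named on the page
MAX_SERVERS = 32                                  # limit stated on the page


@dataclass
class ExternalServer:
    name: str            # hypothetical label
    kind: str
    accounts: dict       # constructed sample data: username -> password

    def authenticate(self, user, password):
        # Stand-in for a real RADIUS/LDAP/TACACS exchange.
        return self.accounts.get(user) == password


def validate_cascade(servers):
    """Enforce the constraints the page states for a cascade list."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError(f"cascade must hold 1..{MAX_SERVERS} servers")
    for s in servers:
        if s.kind not in SUPPORTED_TYPES:
            raise ValueError(f"{s.name}: unsupported type {s.kind}")


def cascade_login(servers, user, password):
    """Try servers in list order; return (accepting server or None, trail)."""
    validate_cascade(servers)
    trail = []
    for position, s in enumerate(servers, start=1):
        ok = s.authenticate(user, password)
        trail.append((position, s.name, "accept" if ok else "fail"))
        if ok:
            return s.name, trail
    return None, trail


# Constructed sample: "alice" was rotated on RADIUS, but a stale entry
# with the old password remains on the LDAP server lower in the list.
CASCADE = [
    ExternalServer("radius-1", "RADIUS", {"alice": "new-pass"}),
    ExternalServer("ldap-1", "LDAP", {"alice": "old-pass", "bob": "bob-pass"}),
    ExternalServer("tacacs-1", "TACACS", {}),
]

if __name__ == "__main__":
    for creds in [("alice", "new-pass"), ("alice", "old-pass"), ("eve", "x")]:
        print(creds[0], *cascade_login(CASCADE, *creds))
```

The returned trail records which position in the list accepted the login, which is the detail to capture when reviewing whether every cascaded server enforces the same account lifecycle.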