Suppose we create a basic 802.1X service for authentication and add all 25 AD servers as authentication sources. This should work fine, but the maximum number of authentication sources that can be associated with a service is 24. This limit is not enforced by the UI.
25 authentication sources in one service is too many. It will impact RADIUS authentication processing time, especially if the user is present in an authentication source far down the list.
We would see the errors below in the RADIUS logs on CPPM. The RADIUS service will be down and authentication will fail.
YYYY-MM-DD 11:56:16,009 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:35:47,760 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardDeviceType is 923
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardDeviceUDID is 924
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardDeviceIMEI is 925
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardDeviceICCID is 926
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardMACAddress is 927
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardProductName is 928
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardProductVersion is 929
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardUserName is 930
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardDeviceSerial is 931
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardCustomField is 932
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - NID of OnboardEmailAddress is 933
YYYY-MM-DD 13:35:47,764 [main] INFO RadiusServer.Radius - Starting - reading configuration files ...
YYYY-MM-DD 13:35:47,765 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:35:47,765 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:37:31,264 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardDeviceType is 923
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardDeviceUDID is 924
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardDeviceIMEI is 925
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardDeviceICCID is 926
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardMACAddress is 927
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardProductName is 928
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardProductVersion is 929
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardUserName is 930
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardDeviceSerial is 931
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardCustomField is 932
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - NID of OnboardEmailAddress is 933
YYYY-MM-DD 13:37:31,267 [main] INFO RadiusServer.Radius - Starting - reading configuration files ...
YYYY-MM-DD 13:37:31,268 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:37:31,268 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:45:12,985 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardDeviceType is 923
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardDeviceUDID is 924
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardDeviceIMEI is 925
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardDeviceICCID is 926
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardMACAddress is 927
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardProductName is 928
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardProductVersion is 929
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardUserName is 930
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardDeviceSerial is 931
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardCustomField is 932
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - NID of OnboardEmailAddress is 933
YYYY-MM-DD 13:45:12,989 [main] INFO RadiusServer.Radius - Starting - reading configuration files ...
YYYY-MM-DD 13:45:12,989 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:45:12,989 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
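The pattern in the log above (every start attempt aborting on the same configuration file) can be flagged automatically. The following is an added example, not part of the original article or of ClearPass tooling: it groups the log into startup attempts and reports the ones that ended in a configuration error. The sample lines are trimmed from the excerpt above, and reading the digits after the file name as a line number is an assumption.

```python
import re

# Sample trimmed from the log excerpt above (date placeholder kept as on the page).
SAMPLE = """\
YYYY-MM-DD 11:56:16,009 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:35:47,760 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:35:47,765 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:35:47,765 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:37:31,264 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:37:31,268 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:37:31,268 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
YYYY-MM-DD 13:45:12,985 [main] INFO RadiusServer.Radius - radiusd: Initializing SSL library
YYYY-MM-DD 13:45:12,989 [main] ERROR RadiusServer.Radius - /usr/local/avenda/tips/var/radconfig/services.conf17: Unexpected end of file
YYYY-MM-DD 13:45:12,989 [main] ERROR RadiusServer.Radius - Errors reading radiusd.conf
"""

# date, HH:MM:SS, thread, level, logger, message
LINE = re.compile(r"^(\S+) (\d\d:\d\d:\d\d),\d+ \[[^\]]+\] (\w+) (\S+) - (.*)$")
# "<path>.conf<digits>: <reason>"; digits (optionally bracketed) assumed to be a line number
PARSE_ERR = re.compile(r"^(/\S+?\.conf)\[?(\d+)?\]?: (.+)$")

def failed_starts(text):
    """Split the log into startup attempts; return those aborted by a config error."""
    attempts, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, clock, level, _, msg = m.groups()
        if msg.startswith("radiusd: Initializing SSL library"):
            # Each SSL initialisation line marks the beginning of a new start attempt.
            current = {"started": clock, "file": None, "line": None,
                       "reason": None, "failed": False}
            attempts.append(current)
        elif current is not None and level == "ERROR":
            pe = PARSE_ERR.match(msg)
            if pe:
                current["file"], current["reason"] = pe.group(1), pe.group(3)
                current["line"] = int(pe.group(2)) if pe.group(2) else None
            elif msg.startswith("Errors reading radiusd.conf"):
                current["failed"] = True
    return [a for a in attempts if a["failed"]]

def is_restart_loop(failures, threshold=2):
    """True when one and the same config file broke `threshold` or more starts."""
    files = {f["file"] for f in failures}
    return len(failures) >= threshold and len(files) == 1 and None not in files
```

An error line that appears before any start marker, such as the first line of the sample, is ignored because it cannot be attributed to an attempt.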
To avoid this, we definitely need a better design. We can add all the child domains to a Global Catalogue and add the Global Catalogue as the authentication source.
However, if we cannot make any changes to the AD, we can use the solution below.