is there a way to configure admin access in such a setup:
group in ad and local password as a backup
i did it via configuring new auth realm but then useres have to select realm during log in.
what i woudl like to achive is to have one realm.
If you have created two Auth servers for the Admin users (AD and System Local) then you have two Admin Realms, as each Realm has one associated Authentication server.
Under the Sign-In Policies you associate one or more Authentication Realms with a Sign-In URL, for Administrators this is /admin by default. You have the option of either letting the user type the Realm name they wish to Authenticate against or selecting one or more Realms, these will be displayed in a list if more than one Realm is selected as the Authentication Realm.
One possible solution is to create an extra Administrator sign-in URL and associate one Realm per URL e.g. /admin and /admin-backup. This would then avoid users selecting the Realm at the Authentication page.
No, it is not possible to have this on a single realm
Each realm can use only 2 auth servers; the primary _must_ succeed in order to login; the secondary is optional if you want to use it. The idea of a backup server on a single realm is not present on the SA software.