L2TP VPN Active Directory authentication does not work
Hi everyone,
I'm trying to set up an L2TP/IPSec VPN with AD authentication but it does not work because my user is rejected. The appliance is a USG Flex 100 managed by Nebula.
First of all, I add my AD to Nebula
And I configure the VPN server with my AD for authentication
Then I add a test user to my AD users
And finally, here is the log when trying to connect to this VPN
It's really surprising because I'm 200% sure of the username and password.
Am I doing something wrong? Please also note that the USG Flex is correctly added to my AD in the "Computers" section.
Should I configure something else on my AD? NPS maybe? Or should the user be added to a specific group?
Thanks,
Sebastien
All Replies
Hello @Sébastien,
Please confirm the account could be queried by your firewall. Connect to the console port and input "_debug domain-auth test profile-name example.profile.name username example.username password example.password".
Moreover, please provide your org/site to me via private message and enable Zyxel support access; you can find it at Help > Support Request > Zyxel support access. I would like to check on your device, thank you.
James
Dear James,
I have tried the command using an SSH connection to the router, and the answer is:
% Get AD group VDC has failed
retval = -24004
ERROR: Display AAA group has failed.
Where VDC is the name of my AD configuration in Nebula.
What does this mean?
Thanks,
Sébastien