Zyxel Flex 500 VPN using Active Directory Authorisation
Options
OK so Im pulling my hair out on this one.
Active directory is setup correctly in AAA Server section and is working to the extent it allows logins to sessions on the firewall from its web interface (not that we use this functionality but a good way to see if you can login using AD credentials)
But if i try to set the same auth method up for my L2TP over IPSec VPN I get invalid username or password errors. I know the username and password is correct as i can log into a session using the same username and password on the zyxels web interface.
How do i debug this - its driving me crazy - way to many days spent trying to get it to work.
If i use a local username and password the vpn connects fine so i know its not the config of the vpn either.
Active directory is setup correctly in AAA Server section and is working to the extent it allows logins to sessions on the firewall from its web interface (not that we use this functionality but a good way to see if you can login using AD credentials)
But if i try to set the same auth method up for my L2TP over IPSec VPN I get invalid username or password errors. I know the username and password is correct as i can log into a session using the same username and password on the zyxels web interface.
How do i debug this - its driving me crazy - way to many days spent trying to get it to work.
If i use a local username and password the vpn connects fine so i know its not the config of the vpn either.
0
All Replies
-
First Screenshot showing an Active Directory Authorised login to the Device
Second Screenshot showing the rejected VPN login
0 -
Hello @RoyCruse,
Please login to Web CLI and input the CLI command below to check if AD join successfully.
_debug domain-auth test profile-name [profilename] username [username] password [password]
I would like to check on the packet captured between USG FLEX 500 and the AD server, could you provide them?Moreover, I have contacted you through private message, asking for remote access for further checking, please check your inbox, thank you.James0
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight