L2TP Ipsec AD login crash on last Firmware

ticsystems
ticsystems Posts: 52  ZCNE Certified
First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude

Hy team.

In last firmware of all devices (ATP and Flex Series) the loggin with ad user crash.

The connection with server is OK with on log sais " Incorrect username or password"

I downgrade the firmware and connection with ad user is working now.

In ikev2 connections is working.

Thanks!

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 584  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

«1

All Replies

  • smb_corp_user
    smb_corp_user Posts: 138  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    Sounds interesting. Maybe the new firmware makes old configuration incompatible?

  • Zyxel_James
    Zyxel_James Posts: 584  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    @ticsystems what's the previous version that AD users could work? Is it 5.36?

    Is it possible to provide the configuration of 5.37 and the previous version, I suspect the same thing as @smb_corp_user

  • tom_k
    tom_k Posts: 1
    First Comment

    Any easy solution for above or firmware downgrade only?

  • smb_corp_user
    smb_corp_user Posts: 138  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2023

    @tom_k If it can be verified that the newest firmware makes the configuration partially incompatible (some settings stop working), it will be necessary to set up the configuration manually on the new firmware. Alternatively, if the configuration files can be viewed in a text file or document viewer, it could be possible to manually modify a copy of the old configuration to match the new firmware. Maybe this is not possible, and therefore some kind of conversion tool is needed to upgrade a saved configuration file.

  • ticsystems
    ticsystems Posts: 52  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude
    edited November 2023

    Error on post. Sorry

  • ticsystems
    ticsystems Posts: 52  ZCNE Certified
    First Anniversary ZCNE Security Level 1 Certification - 2020 10 Comments Nebula Gratitude

    Hy James.
    V5.37(ABFU.0) its working fine.
    V5.37(ABFU.1) Don´t Working in L2TP Ipsec connection. Ikev2 its working.

  • smb_corp_user
    smb_corp_user Posts: 138  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    Very interesting to see a change within such a small version difference. Should be possible for Zyxel Support to look at a saved config file from each firmware version and determine if the new firmware breaks the format for one or more specific settings.

  • Zyxel_James
    Zyxel_James Posts: 584  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    @ticsystems

    Except for the configuration of 5.37P0 and 5.37P1, please provide the results of the CLI commands below, thanks.

    Rourter>_debug domain-auth test profile-name [profilename] username [username] password [password]

    Router> test aaa server ad host 172.16.50.1 port 389 base-dn DC=Zyxel,DC=com bind-dn zyxel\engineerABC password abcdefg login-name-attribute sAMAccountName account userABC

    For the CLI above, here is the example settings.
    • IP address: 172.16.50.1
    • Port: 389
    • Base-dn: DC=Zyxel,DC=com
    • Bind-dn: zyxel\engineerABC
    • Password: abcdefg
    • Login-name-attribute: sAMAccountName

  • Zyxel_James
    Zyxel_James Posts: 584  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

Security Highlight