L2TP Ipsec AD login crash on last Firmware

ticsystems
ticsystems Posts: 69  ZCNE Certified
First Comment Friend Collector Nebula Gratitude Fifth Anniversary

Hy team.

In last firmware of all devices (ATP and Flex Series) the loggin with ad user crash.

The connection with server is OK with on log sais " Incorrect username or password"

I downgrade the firmware and connection with ad user is working now.

In ikev2 connections is working.

Thanks!

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

«1

All Replies

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    Sounds interesting. Maybe the new firmware makes old configuration incompatible?

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers

    @ticsystems what's the previous version that AD users could work? Is it 5.36?

    Is it possible to provide the configuration of 5.37 and the previous version, I suspect the same thing as @smb_corp_user

  • tom_k
    tom_k Posts: 1
    First Comment

    Any easy solution for above or firmware downgrade only?

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    edited November 2023

    @tom_k If it can be verified that the newest firmware makes the configuration partially incompatible (some settings stop working), it will be necessary to set up the configuration manually on the new firmware. Alternatively, if the configuration files can be viewed in a text file or document viewer, it could be possible to manually modify a copy of the old configuration to match the new firmware. Maybe this is not possible, and therefore some kind of conversion tool is needed to upgrade a saved configuration file.

  • ticsystems
    ticsystems Posts: 69  ZCNE Certified
    First Comment Friend Collector Nebula Gratitude Fifth Anniversary
    edited November 2023

    Error on post. Sorry

  • ticsystems
    ticsystems Posts: 69  ZCNE Certified
    First Comment Friend Collector Nebula Gratitude Fifth Anniversary

    Hy James.
    V5.37(ABFU.0) its working fine.
    V5.37(ABFU.1) Don´t Working in L2TP Ipsec connection. Ikev2 its working.

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    Very interesting to see a change within such a small version difference. Should be possible for Zyxel Support to look at a saved config file from each firmware version and determine if the new firmware breaks the format for one or more specific settings.

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers

    @ticsystems

    Except for the configuration of 5.37P0 and 5.37P1, please provide the results of the CLI commands below, thanks.

    Rourter>_debug domain-auth test profile-name [profilename] username [username] password [password]

    Router> test aaa server ad host 172.16.50.1 port 389 base-dn DC=Zyxel,DC=com bind-dn zyxel\engineerABC password abcdefg login-name-attribute sAMAccountName account userABC

    For the CLI above, here is the example settings.
    • IP address: 172.16.50.1
    • Port: 389
    • Base-dn: DC=Zyxel,DC=com
    • Bind-dn: zyxel\engineerABC
    • Password: abcdefg
    • Login-name-attribute: sAMAccountName

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

Security Highlight