L2TP Ipsec AD login crash on last Firmware
ZCNE Certified
Hy team.
In last firmware of all devices (ATP and Flex Series) the loggin with ad user crash.
The connection with server is OK with on log sais " Incorrect username or password"
I downgrade the firmware and connection with ad user is working now.
In ikev2 connections is working.
Thanks!
Accepted Solution
-
We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.
1
Zyxel Employee
All Replies
-
Sounds interesting. Maybe the new firmware makes old configuration incompatible?
0 -
@ticsystems what's the previous version that AD users could work? Is it 5.36?
Is it possible to provide the configuration of 5.37 and the previous version, I suspect the same thing as @smb_corp_user
0 -
Any easy solution for above or firmware downgrade only?
0 -
@tom_k If it can be verified that the newest firmware makes the configuration partially incompatible (some settings stop working), it will be necessary to set up the configuration manually on the new firmware. Alternatively, if the configuration files can be viewed in a text file or document viewer, it could be possible to manually modify a copy of the old configuration to match the new firmware. Maybe this is not possible, and therefore some kind of conversion tool is needed to upgrade a saved configuration file.
0 -
Error on post. Sorry
0 -
Hy James.
V5.37(ABFU.0) its working fine.
V5.37(ABFU.1) Don´t Working in L2TP Ipsec connection. Ikev2 its working.0 -
Very interesting to see a change within such a small version difference. Should be possible for Zyxel Support to look at a saved config file from each firmware version and determine if the new firmware breaks the format for one or more specific settings.
0 -
Except for the configuration of 5.37P0 and 5.37P1, please provide the results of the CLI commands below, thanks.
Rourter>_debug domain-auth test profile-name [profilename] username [username] password [password]
Router> test aaa server ad host 172.16.50.1 port 389 base-dn DC=Zyxel,DC=com bind-dn zyxel\engineerABC password abcdefg login-name-attribute sAMAccountName account userABC
For the CLI above, here is the example settings.
• IP address: 172.16.50.1
• Port: 389
• Base-dn: DC=Zyxel,DC=com
• Bind-dn: zyxel\engineerABC
• Password: abcdefg
• Login-name-attribute: sAMAccountName0 -
You have a private message
0 -
We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.
1
Master Member
Categories
- All Categories
- 394 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 81 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 914 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 907 Nebula FAQ
- 415 Security FAQ
- 236 Switch FAQ
- 206 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 138 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
