Connect via SSL VPN as a user from the AD group (USG FLEX 700)

RPasha

Can't connect via SSL VPN as a user from AD
A local user is connecting via SSL VPN (userl).
notice SSL VPN Failed login attempt to SSLVPN from http/https (incorrect password or inexistent username) [count=2]
Testing user userp in:
aaa group server ad dc01 - OK
username sslVPN - OK

My settings:
! model: USG FLEX 700
! firmware version: 5.41(ABWD.0)

aaa group server ad dc01
server port 389
server basedn DC=office,DC=shcrb,DC=kz
server search-time-limit 5
server binddn CN=userldap,OU=SpecialUsers,OU=OU,DC=office,DC=shcrb,DC=kz
server password-encrypted $4$4gnTprhE$83C+VR+vgOLStngdwdc
server cn-identifier sAMAccountName
server group-attribute memberOf
server host 192.168.1.32
server host 192.168.1.33

username sslVPN user-type ext-group-user associated-aaa-server dc01 group-id CN=sslVPN,OU=AccessGroup,OU=OU,DC=office,DC=shcrb,DC=kz
username sslVPN logon-time-setting default
username sslVPN vlan id 1

sslvpn policy SSL_SHCRB
network-extension activate
network-extension network NET_Office
network-extension ip-pool SSL_POOL
network-extension 1st-dns IP_DC01
network-extension 2nd-dns IP_DC02
user userl
user sslVPN

How do I correctly connect a group from AD to connect via SSL VPN?

All Replies

  • Zyxel_Melen
    Zyxel Employee

    Hi @RPasha

    May I know if you have added the AD server to the authentication method?

    From the config you posted, I can't find the related config. Please check this first. If you haven't, please add it first.

    Zyxel Melen


  • RPasha

    Hi, Zyxel_Melen
    I have:
    Was:
    aaa authentication AD group dc01
    Added:
    aaa authentication authSSLvpn group dc01 local
    But I couldn't find it for use anywhere in the SSL VPN settings (not SSL portal).
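
A lint for the gap raised in the reply above, as an added example that is not from the thread or from Zyxel: it reads a CLI config dump and reports each ext-group-user whose associated AAA server is undefined or is not referenced by any `aaa authentication` method. The line grammar is inferred only from the lines quoted in this thread, the sample configs are constructed from them, and the check does not tell which method the SSL VPN login actually uses.

```python
# Added example: lint a USG FLEX CLI dump for the gap raised in the reply.
# Assumption: the grammar below is inferred only from lines quoted in this thread.

# Constructed sample built from the thread's config (bind password line left out).
POSTED = """\
aaa group server ad dc01
server port 389
server host 192.168.1.32
username sslVPN user-type ext-group-user associated-aaa-server dc01 group-id CN=sslVPN,OU=AccessGroup,OU=OU,DC=office,DC=shcrb,DC=kz
sslvpn policy SSL_SHCRB
user userl
user sslVPN
"""
# Same config plus the method line quoted in the follow-up post.
WITH_METHOD = POSTED + "aaa authentication authSSLvpn group dc01 local\n"


def parse(config):
    servers, methods, ext_users = set(), {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["aaa", "group", "server"] and len(tok) >= 5:
            servers.add(tok[4])                      # aaa group server ad <name>
        elif tok[:2] == ["aaa", "authentication"] and len(tok) >= 3:
            rest = tok[3:]                           # e.g. group dc01 local
            methods[tok[2]] = [rest[i + 1] for i in range(len(rest) - 1)
                               if rest[i] == "group"]
        elif tok[:1] == ["username"] and "ext-group-user" in tok \
                and "associated-aaa-server" in tok[:-1]:
            ext_users[tok[1]] = tok[tok.index("associated-aaa-server") + 1]
    return servers, methods, ext_users


def audit(config):
    """Return (user, server, problem) for each ext-group-user with a gap."""
    servers, methods, ext_users = parse(config)
    referenced = {s for groups in methods.values() for s in groups}
    findings = []
    for user, server in sorted(ext_users.items()):
        if server not in servers:
            findings.append((user, server, "AAA server group is not defined"))
        elif server not in referenced:
            findings.append((user, server, "no 'aaa authentication' method uses this server"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("with method", WITH_METHOD)):
        print(name, audit(cfg) or "OK")
```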