Authorization on AD group for L2TP does not pass
Zywall 310 / fw 4.35 (AAAB.3)
For L2TP users, a local group (L2TP-VPN-users) in Zywall has been created, where those who are allowed access to VPN (allowed users) are placed.
AD authentication was configured, an ad-users internal user was added to the L2TP-VPN-users group. As a result, all users of the domain and local are authorized and connected.
But as soon as you try to allow authorization only for users belonging to a certain AD group (ext-group-user), authorization fails ("disallowed user" in logs).
Group authorization is as follows: an AD-VPN user of the ext-group-user type is created, with settings defining the AD group. When testing inside the ext-group user test, the test passes - the status is OK.
The created user (AD-VPN) was added to the VPN allowed group (L2TP-VPN-users), and the ad-users built-in user was removed from the allowed group. After that, authorization through AD does not work.
Accepted Solution
-
After updating to the newest weekly firmware (V4.35(AAAB.3)ITS-WK13-r92843), the problem was solved.
All Replies
-
@Niviteka
Per your description,
can you check that the account on AD is enabled?
Also, can you log in to the device GUI successfully with the account?
-
Account enabled. I can log in to the device GUI successfully via the AD account. I can even connect to L2TP if I add the ad-user to the L2TP-VPN-users group, but then all domain users can join VPN.
I need only users of the VPN-users group in AD to be able to connect to VPN.