Authorization on AD group for L2TP does not pass

Niviteka
Niviteka Posts: 17  Freshman Member
edited April 2021 in Security

Zywall 310 / fw 4.35 (AAAB.3)


For L2TP users, a local group (L2TP-VPN-users) in Zywall has been created, where those who are allowed access to VPN (allowed users) are placed.

AD authentication was configured, and an ad-users internal user was added to the L2TP-VPN-users group. As a result, all domain and local users are authorized and connected.

But as soon as you try to allow authorization only for users belonging to a certain AD group (ext-group-user), authorization fails ("disallowed user" in logs).

Group authorization is as follows: an AD-VPN user of the ext-group-user type is created, with settings defining the AD group. When testing inside the ext-group-user test, the test passes and the status is OK.

The created user (AD-VPN) was added to the VPN allowed group (L2TP-VPN-users), and the ad-users built-in user was removed from the allowed group. After that, authorization through AD does not work.


Accepted Solution

  • Niviteka
    Niviteka Posts: 17  Freshman Member
    Answer ✓
    After updating to the newest weekly firmware (V4.35(AAAB.3)ITS-WK13-r92843), the problem was solved.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @Niviteka
    Based on your description, can you check that the account on AD is enabled?

    Also, may I know whether you can log in to the device GUI successfully via the account?

  • Niviteka
    Niviteka Posts: 17  Freshman Member
    The account is enabled.
    I can log in to the device GUI successfully via the AD account.
    I can even connect to L2TP if I add the ad-user to the L2TP-VPN-users group, but then all domain users can join the VPN.
    I need only users of the VPN-users group in AD to be able to connect to the VPN.



