USG310: AD Users can't connect IKEv2 since update 4.35 AAPJ0
Freshman Member
since updating to firmware 4.35 AAPJ0 AD-users get an "Auth fail", while connecting via IKEv2. Local Users are no problem.
I have checked "AAA-Server" settings and the test function for username still delivers "ok". Auth method is first still "group ad" an second is local.
In IKE log only "auth fail" is diplayed..
Can anyone help?
All Replies
-
Hi @KMB,
The USG310 must join an AD domain.
In the following example, domain name is usg.com.
Go to CONFIGURATION > System > Host Name and enter the domain name.
Go to CONFIGURATION > System > DNS > Address/PTR Record and add a record for AD server.
On AD server, usg310 should appear in Computers.
Go to AAA Server > Active Directory > AD object. Configure Domain Authentication for MSChap.
The user in this field should belongs to “domain admin” on your AD server.
Result: IKEv2 is established with AD account successfully.
0
Zyxel Employee
Categories
- All Categories
- 434 Beta Program
- 2.7K Nebula
- 174 Nebula Ideas
- 117 Nebula Status and Incidents
- 6.1K Security
- 418 USG FLEX H Series
- 297 Security Ideas
- 1.6K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 43 Wireless Ideas
- 6.7K Consumer Product
- 269 Service & License
- 416 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 87 Security Highlight
