Two Factor Authentication with Active Directory User
On the Zywall 110 with the latest firmware I was able to successfully set up 2 SSLVPN with Active Directory authentication. However, I can't get 2 factor authentication to work by e-mail or mobile. Both fields (mail and mobile) are populated in the Active Directory; however, in the log I still get the following error:
info Authentication Server Can't get email from user: ADUSER
info Authentication Server Can't get mobile from user: ADUSER
Any ideas?
All Replies
-
Hi @Romeo
We need your help to confirm some information:
- Does rebooting the device recover from this issue, or does this symptom exist all the time?
- What firmware version are you currently using?
- How many users (and average concurrent users) will use SSL VPN to make the connection?
0 -
Hello,
We have the same problem.
It manages to recover emails and therefore it works in L2TP / IPSEC, but from the same AD group, it does not work in SSL / VPN.
Model: ATP500
Firmware: V4.35 (ABFU.3) / 2020-02-26 16:56:26
With the coronavirus, we had to put this in place. It would be good if this issue is resolved as quickly as possible. Thank you.
0 -
Hi @Zyxel_Vic
- Rebooting does not help
- V4.35(AAAA.3)
- 15 total, 5-10 average concurrent users (not sure how this would relate to the issue?)
Please note that our Active Directory is based on Windows Server 2019, and another member of Zyxel support staff mentioned that Windows Server 2019 is not supported yet and this won't be fixed before the end of this year?? If that is true, Zyxel can't be serious: first of all, Windows Server has been out for nearly 2 years, and secondly, the relevant AD/LDAP fields (mail and mobile) have not changed? Can you shed some light on this?
0 -
For your information, our Active Directory is based on Windows Server 2008 R2 and we have exactly the same problem. We have 150 customers at Zyxel, I can test this configuration with one of our customers.
1 -
Thanks for your feedback, conectia. That means the support agent just made something up to close the ticket, even better. Zyxel, could you please get your act together and fix this ASAP?
0 -
Yes, because if you have time to create an L2TP / IPSEC VPN connection and you apply two factor authentication on the same group as that used by your SSL / VPN connection, it works. So the Zyxel is quite capable of reading the email field of the AD user. In addition, when you go to the user menu and you test an AD user of the group, you see all the LDAP fields returned, and therefore that of the email included.
0 -
Exactly, when I test the AD user I see all of the LDAP fields, including mail and mobile. Must be a bug in their SSL-VPN functionality.
0 -
Can you collect diagnostic info on the device when trying to access the tunnel and send it by private message so we can check further?
Here are the steps to collect diagnostic info:
USG series
Go to Maintenance > Diagnostics > Diagnostics > Collect > click Collect Now
It will take 5~10 minutes to collect.
After the collection is done, go to Maintenance > Diagnostics > Diagnostics > Files to download the files and send them to us by private message.
ATP series
Go to Maintenance > Diagnostics > Diagnostics > Collect > click Collect Now
It will take 5~10 minutes to collect.
After the collection is done, go to Maintenance > Diagnostics > Diagnostics > Files to download the files and send them to us by private message.
0 -
done
0 -
I've sent you the debug file; however, I now have the issue that two factor authentication suddenly STOPPED WORKING entirely! Users can just log in WITHOUT any two factor authentication, even though it is enabled and correctly set up, and nothing has been changed in the configuration. The SMTP and SMS gateways both work fine. This is a serious security issue and I am slowly starting to regret using Zyxel.
0