AD Auth with built-in Windows L2TP client
When configuring a USG60 with Active Directory authentication, I can auth using "username" successfully. When configuring the built-in Windows 10 L2TP/IPSec client to connect using Windows credentials, it is sending "DOMAIN\User" and fails to authenticate. In addition, in the AAA tab in Zyxel, if I test "DOMAIN\User" it fails.
I spoke with tech support and they say that the DOMAIN\User is not supported, which is unfortunate as this would be a great solution for us.
I have good trust in ZYXEL tech, but does anyone know a workaround for this?
All Replies
-
Hi @TAPTech
Here is an example setting to log in with domain\name.
After building the L2TP tunnel and setting up the AD server, go to Configuration > Object > AAA Server > Active Directory > click Add
Add Domain Authentication for MSChap
Add Domain Zone
Go to Configuration > System > DNS > DNS > Domain Zone Forwarder and add the AD server to it
Add Domain name
Go to Configuration > System > Host Name > Host Name
Then check the status on the AD server to see if the USG has joined the domain.
Here are the related settings on the Windows adapter
The tunnel uses a pre-shared key; for authentication, select MS-CHAP v2
Go to Configuration > VPN > L2TP VPN > L2TP VPN > Allowed User and set it to any
Test result:
0 -
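The Windows-side settings from the reply above (L2TP tunnel, pre-shared key, MS-CHAP v2) as an added PowerShell example, not part of the original post. The connection name and gateway address are placeholders, and `-UseWinlogonCredential` is assumed to correspond to the "connect using Windows credentials" behaviour described in the question.

```powershell
# Added example: build the Windows 10 L2TP/IPsec connection with the settings
# listed in the reply, then confirm what Windows actually stored.
$Name    = 'USG-L2TP'          # hypothetical connection name
$Gateway = 'vpn.example.com'   # placeholder for the USG WAN address
$Psk     = Read-Host 'IPsec pre-shared key'   # prompt rather than hard-code the key

# Remove a stale connection of the same name so old auth settings do not linger.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

$params = @{
    Name                  = $Name
    ServerAddress         = $Gateway
    TunnelType            = 'L2tp'
    L2tpPsk               = $Psk
    AuthenticationMethod  = 'MSChapv2'   # the only method enabled; PAP/CHAP stay off
    EncryptionLevel       = 'Required'
    UseWinlogonCredential = $true        # client sends the logged-on DOMAIN\User
    Force                 = $true        # suppress the PSK confirmation prompt
}
Add-VpnConnection @params

# Read the connection back and flag anything that differs from the intended setup.
$vpn      = Get-VpnConnection -Name $Name
$problems = @()
if ($vpn.TunnelType -ne 'L2tp')     { $problems += "TunnelType is $($vpn.TunnelType)" }
if ($vpn.L2tpIPsecAuth -ne 'Psk')   { $problems += "IPsec auth is $($vpn.L2tpIPsecAuth)" }
if ((@($vpn.AuthenticationMethod) -join ',') -ne 'MSChapv2') {
    $problems += "Auth methods are $(@($vpn.AuthenticationMethod) -join ',')"
}
if (-not $vpn.UseWinlogonCredential) { $problems += 'Windows logon credentials not enabled' }

if ($problems.Count -eq 0) {
    Write-Output "OK: $Name uses L2TP/IPsec (PSK) with MS-CHAP v2 and Windows logon credentials."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```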
That works! Thank you. I did put a call into tech support and they did not know about this - perhaps you can update the internal documentation? I am US based.
0 -
I've followed the description above and it works perfectly for my phone, but when I try to connect from Windows 10 I get while my phone does as below: I came by a post in the knowledgebase suggesting setting the RADIUS server to 127.0.0.1, port 1812 and key 1. Unfortunately this does not help. Any suggestions much appreciated.
0 -
@PoulK
If you can log in to the device via web_portal, then it means your configuration on the ZyWALL is correct.
You can check your configuration on your Win10. You can try leaving only PAP in the L2TP setting. Of course PAP is required in your RADIUS server too.
0