Zyxel Flex 500 VPN using Active Directory Authorisation
Options
OK so Im pulling my hair out on this one.
Active directory is setup correctly in AAA Server section and is working to the extent it allows logins to sessions on the firewall from its web interface (not that we use this functionality but a good way to see if you can login using AD credentials)
But if i try to set the same auth method up for my L2TP over IPSec VPN I get invalid username or password errors. I know the username and password is correct as i can log into a session using the same username and password on the zyxels web interface.
How do i debug this - its driving me crazy - way to many days spent trying to get it to work.
If i use a local username and password the vpn connects fine so i know its not the config of the vpn either.
Active directory is setup correctly in AAA Server section and is working to the extent it allows logins to sessions on the firewall from its web interface (not that we use this functionality but a good way to see if you can login using AD credentials)
But if i try to set the same auth method up for my L2TP over IPSec VPN I get invalid username or password errors. I know the username and password is correct as i can log into a session using the same username and password on the zyxels web interface.
How do i debug this - its driving me crazy - way to many days spent trying to get it to work.
If i use a local username and password the vpn connects fine so i know its not the config of the vpn either.
0
All Replies
-
First Screenshot showing an Active Directory Authorised login to the Device
Second Screenshot showing the rejected VPN login
0 -
Hello @RoyCruse,
Please login to Web CLI and input the CLI command below to check if AD join successfully.
_debug domain-auth test profile-name [profilename] username [username] password [password]
I would like to check on the packet captured between USG FLEX 500 and the AD server, could you provide them?Moreover, I have contacted you through private message, asking for remote access for further checking, please check your inbox, thank you.James0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 919 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 926 Nebula FAQ
- 422 Security FAQ
- 238 Switch FAQ
- 210 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight