L2TP Ipsec AD login crash on last Firmware

ticsystems
ticsystems Posts: 64  ZCNE Certified
Fourth Anniversary 10 Comments Friend Collector ZCNE Security Level 1 Certification - 2020
in Security

Hy team.

In last firmware of all devices (ATP and Flex Series) the loggin with ad user crash.

The connection with server is OK with on log sais " Incorrect username or password"

image.png
image.png

I downgrade the firmware and connection with ad user is working now.

In ikev2 connections is working.

Thanks!

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Second Anniversary 500 Comments 100 Answers Zyxel Certified Sales Associate
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

«1

All Replies

  • smb_corp_user
    smb_corp_user Posts: 163  Master Member
    Community MVP Second Anniversary 100 Comments 5 Answers

    Sounds interesting. Maybe the new firmware makes old configuration incompatible?

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Second Anniversary 500 Comments 100 Answers Zyxel Certified Sales Associate

    @ticsystems what's the previous version that AD users could work? Is it 5.36?

    Is it possible to provide the configuration of 5.37 and the previous version, I suspect the same thing as @smb_corp_user

  • tom_k
    tom_k Posts: 1
    First Comment

    Any easy solution for above or firmware downgrade only?

  • smb_corp_user
    smb_corp_user Posts: 163  Master Member
    Community MVP Second Anniversary 100 Comments 5 Answers
    edited November 2023

    @tom_k If it can be verified that the newest firmware makes the configuration partially incompatible (some settings stop working), it will be necessary to set up the configuration manually on the new firmware. Alternatively, if the configuration files can be viewed in a text file or document viewer, it could be possible to manually modify a copy of the old configuration to match the new firmware. Maybe this is not possible, and therefore some kind of conversion tool is needed to upgrade a saved configuration file.

  • ticsystems
    ticsystems Posts: 64  ZCNE Certified
    Fourth Anniversary 10 Comments Friend Collector ZCNE Security Level 1 Certification - 2020
    edited November 2023

    Error on post. Sorry

  • ticsystems
    ticsystems Posts: 64  ZCNE Certified
    Fourth Anniversary 10 Comments Friend Collector ZCNE Security Level 1 Certification - 2020
    https://community.zyxel.com/en/discussion/comment/59109#Comment_59109

    Hy James.
    V5.37(ABFU.0) its working fine.
    V5.37(ABFU.1) Don´t Working in L2TP Ipsec connection. Ikev2 its working.

  • smb_corp_user
    smb_corp_user Posts: 163  Master Member
    Community MVP Second Anniversary 100 Comments 5 Answers

    Very interesting to see a change within such a small version difference. Should be possible for Zyxel Support to look at a saved config file from each firmware version and determine if the new firmware breaks the format for one or more specific settings.

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Second Anniversary 500 Comments 100 Answers Zyxel Certified Sales Associate

    @ticsystems

    Except for the configuration of 5.37P0 and 5.37P1, please provide the results of the CLI commands below, thanks.

    Rourter>_debug domain-auth test profile-name [profilename] username [username] password [password]

    Router> test aaa server ad host 172.16.50.1 port 389 base-dn DC=Zyxel,DC=com bind-dn zyxel\engineerABC password abcdefg login-name-attribute sAMAccountName account userABC

    For the CLI above, here is the example settings.
    • IP address: 172.16.50.1
    • Port: 389
    • Base-dn: DC=Zyxel,DC=com
    • Bind-dn: zyxel\engineerABC
    • Password: abcdefg
    • Login-name-attribute: sAMAccountName

  • ticsystems
    ticsystems Posts: 64  ZCNE Certified
    Fourth Anniversary 10 Comments Friend Collector ZCNE Security Level 1 Certification - 2020
    https://community.zyxel.com/en/discussion/comment/59173#Comment_59173

    You have a private message

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Second Anniversary 500 Comments 100 Answers Zyxel Certified Sales Associate
    Answer ✓

    We will have a formal release that fixes this problem, you may roll back to 5.37C0 and wait for our update.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)