
darkwood

join:2012-11-29

L2TP with Active directory validation

Hello guys,

I have a problem with my USG 300 and my L2TP connection when I try to validate with Active Directory.
All tests with Active Directory result OK.

Any ideas?

Model USG 300, firmware 3.00(AQE.4)ITS-WK01-r37427 sent by Zyxel last week.

Thanks.


Brano
join:2002-06-25
Burlington, ON
Suggest you try the just released official firmware here »USG series 3.00 (xxx.4) firmware is out!

Does the AD authentication work for basic user authentication, let's say to the web interface?
Anything in logs on the router?
Anything in logs on the AD box?
Did you try sniffing the authentication traffic?

darkwood

join:2012-11-29
Thanks Brano for your reply,

The log is very simple, it says: User domain\myuser has been denied from L2TP service.(Incorrect Username or Password)

When I validate with this user to access by SSL it is OK; when I test in the AD configuration with this user it is OK.

In the AD box, no log.

Thanks.

Aleksandar

join:2010-12-08
Beach Haven, NJ

Hi there, I have a USG 100 and I am also trying to configure AD validation (with SSL).
Darkwood, can you please tell me the configuration steps? I currently have AD validation without SSL and it is working like a charm.

If I just select the checkbox and change the port to 636, I receive the same error and, after a while, BIND FAILED in the USG log.

Also, has anybody tried the option "Domain Authentication for MSChap" in v3.0 firmware? What will this enable?

asgatlat

join:2012-05-10
France
reply to darkwood
said by darkwood:

Thanks Brano for your reply,

The log is very simple, it says: User domain\myuser has been denied from L2TP service.(Incorrect Username or Password)

When I validate with this user to access by SSL it is OK; when I test in the AD configuration with this user it is OK.

In the AD box, no log.

Thanks.

Hi,
I've already got this error of "Incorrect Username or Password".
If your AD is in a domain, you should try to log in to L2TP without adding the domain name, just user and password.