|
to Brano
Re: USG100 L2TP/IPSec not authenticating with Active Directory
Zyxel, at one point, blocked the use of Active Directory security groups on L2TP if using "Authenticate over AD". If you used the ext-group-user with an IPSEC/L2TP, it wouldn't authenticate. This was by design (i.e., they want you to buy SSL licenses from them).
If ext-group-user works with LDAP, then it would be a way around the limitation if it was still in place.
From what I've read, it's still an (ill-advised) design decision.
I saw how you did yours and changed it to use my VPN-LV-Users security group (checks AD for users in this group). Worked fine in test, except the same ol' problem with when I actually connect to the thing, it drops. I have a theory I'm going to explore tonight though. |
|
I really don't understand what you said; I saw no limitation from Zyxel for the AD connection. It works like a charm for me. Are you sure you correctly set your DC and CN command? Did your IPSEC/L2TP VPN connection work with a local user created on the USG? |