After 9.1 => 9.2 xauth against AD broken

Hi there,
today I updated both HA nodes from 9.1 to 9.201-25.
Of course I did not change any configuration!

Since then some users called for a non-working VPN.

I figured out the following:

L2TP over IPsec is still working, authenticating against RADIUS
IPSEC is broken but ONLY when authenticating users against AD:
"...no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER"

If I use a RADIUS-based Usergroup it works like all the other days.

Communication to the AD-Server itself is fine, I can read the entire AD from the UTM, can recreate the AD-Group-limited Usergroup and can successfully prefetch users.

ipsec restart did not help of course and it is still strongSwan 4 and not 5.x (4.4.1git20100610)

Any Ideas?

Thanks - Chris


  • Chris,

    I'm confused by your post.  In Remote Access IPsec, you can't specify users by a backend group - neither with AD nor with RADIUS.

    Cheers - Bob
    PS Moving this thread to the VPN Forum.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA