This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After 9.1 => 9.2 xauth against AD broken

Hi there,
today I updated both HA nodes from 9.1 to 9.201-25.
Of course I did not change any configuration!

Since then some users called for a non working VPN.

i figured out the following:

L2TP over IPsec is still working, authenticating against RADIUS
IPSEC is broken but ONLY when authenticating useres against AD:
"...no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER"

If i use a RADIUS-based Usergroup it works like all the other days.

Communication to the AD-Server itself is fine, I can read the entire AD from the UTM, can recreate the AD-Group-limited Usergroup and can succesfully prefetch users.

ipsec restart did not help of course and it is still strongSwan 4 and not 5.x (4.4.1git20100610)

Any Ideas?

Thanks - Chris

This thread was automatically locked due to age.

Parents

0 Chris69 over 10 years ago

Hi Bob,
I double checked it once again:

Under RA => IPSEC => Allowed Users
you can add groups of AD or RADIUS authenticated users.

It worked for a year for me under 9.x, since 9.2 RADIUS is still working but AD is broken.
But it confuses me, too, that everything related to AD is working (Test under authentication servers, user prefetch, reading AD groups...) but IPSEC cannot get used to this group anymore.

Cheers - Chris
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Chris69 over 10 years ago

Hi Bob,
I double checked it once again:

Under RA => IPSEC => Allowed Users
you can add groups of AD or RADIUS authenticated users.

It worked for a year for me under 9.x, since 9.2 RADIUS is still working but AD is broken.
But it confuses me, too, that everything related to AD is working (Test under authentication servers, user prefetch, reading AD groups...) but IPSEC cannot get used to this group anymore.

Cheers - Chris
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data