After 9.1 => 9.2 xauth against AD broken

Hi there,
today I updated both HA nodes from 9.1 to 9.201-25.
Of course I did not change any configuration!

Since then some users called about a non-working VPN.

I figured out the following:

L2TP over IPsec is still working, authenticating against RADIUS
IPSEC is broken but ONLY when authenticating users against AD:
"...no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER"

If I use a RADIUS-based Usergroup it works like all the other days.

Communication to the AD-Server itself is fine, I can read the entire AD from the UTM, can recreate the AD-Group-limited Usergroup and can successfully prefetch users.

ipsec restart did not help of course and it is still strongSwan 4 and not 5.x (4.4.1git20100610)

Any ideas?

Thanks - Chris


This thread was automatically locked due to age.
  • I'd never tried IPsec Remote Access with a PSK in the ASG/UTM/SG, so I didn't know it was possible to do XAUTH with a Backend Group. [:O]

    You might find a hint in your server logs, Chris, but I would have your reseller open a support case with Sophos.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA