My UTM is connected to an Active Directory. In my SSL-VPN config I added the group "Active Directory Users" so that every user can connect via VPN. This is working great without any issues.
Now I needed a VPN user who shouldn't get any AD access, only VPN, to get access to an internal webserver. So I created a local user on the UTM and added him to the user list in my VPN profile.
Now every time I want to connect with this user via VPN I get an "authentication failed" error.
Here are the parts of the VPN-Log:
2015:05:05-14:41:19 gw01 openvpn[19957]: 91.118.***.***:62540 TLS: Username/Password authentication deferred for username '***' [CN SET]
...
2015:05:05-14:41:21 gw01 openvpn[19957]: 91.118.***.***:62540 SENT CONTROL [esc]: 'AUTH_FAILED' (status=1)
And here is the authentication daemon log:
2015:05:05-14:41:19 gw01 aua[26415]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.0.111 (adirectory)"
2015:05:05-14:41:19 gw01 aua[26415]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="91.118.***.***" host="" user="***" caller="openvpn" reason="DENIED"
Why can't I use my local user for authentication? It seems that the UTM asks the AD first, and when the authentication is denied, because there is no such user in the AD, it won't look any further in the local user database.
Any help would be greatly appreciated.
Dino
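The aua log lines in the post are key="value" records preceded by a "Trying <host> (<backend>)" line for each authentication backend consulted. The following Python script is an added example (not part of the post or of Sophos UTM) that parses that format, correlates each "Authentication failed" record with the backends tried just before it, and flags denials where only a single backend was consulted, which is exactly the symptom described above: the remote backend answers DENIED and no further backend is tried. The sample lines are constructed from the post, with the masked IP and user name replaced by placeholder values; the second sequence, which shows a "local" backend being tried after "adirectory", is a hypothetical backend label used only to show what a full fallthrough would look like in this parser.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the UTM aua log lines quoted in the post.
# Sequence 1 mirrors the post (one backend tried, then DENIED).
# Sequence 2 is hypothetical: a second backend label "local" is consulted before denial.
SAMPLE_LOG = """\
2015:05:05-14:41:19 gw01 aua[26415]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.0.111 (adirectory)"
2015:05:05-14:41:19 gw01 aua[26415]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="203.0.113.10" host="" user="vpnlocal" caller="openvpn" reason="DENIED"
2015:05:05-14:45:02 gw01 aua[26415]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.0.111 (adirectory)"
2015:05:05-14:45:02 gw01 aua[26415]: id="3006" severity="info" sys="System" sub="auth" name="Trying 127.0.0.1 (local)"
2015:05:05-14:45:02 gw01 aua[26415]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="203.0.113.11" host="" user="someone" caller="openvpn" reason="DENIED"
"""

# "<timestamp> <host> <process>[<pid>]: <key="value" ...>"
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
TRYING_RE = re.compile(r'^Trying (?P<target>\S+) \((?P<backend>[^)]+)\)$')


def parse_line(line):
    """Split one aua log line into its header fields plus the key="value" pairs."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "proc": m.group("proc"), "pid": m.group("pid")}
    rec.update(dict(KV_RE.findall(m.group("rest"))))
    return rec


def analyse_auth_log(lines):
    """Return one record per 'Authentication failed' event, listing the backends
    the daemon reported trying (per aua pid) before that failure."""
    pending = defaultdict(list)   # pid -> backends tried since the last outcome
    results = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("proc") != "aua" or rec.get("sub") != "auth":
            continue
        name = rec.get("name", "")
        t = TRYING_RE.match(name)
        if t:
            pending[rec["pid"]].append(t.group("backend"))
            continue
        if name == "Authentication failed":
            results.append({
                "ts": rec["ts"],
                "user": rec.get("user", ""),
                "srcip": rec.get("srcip", ""),
                "caller": rec.get("caller", ""),
                "reason": rec.get("reason", ""),
                "backends_tried": pending.pop(rec["pid"], []),
            })
    return results


def single_backend_denials(results):
    """Denials where exactly one backend answered and no fallthrough occurred,
    i.e. the pattern the post describes for a UTM-local user."""
    return [r for r in results
            if r["reason"] == "DENIED" and len(r["backends_tried"]) == 1]


if __name__ == "__main__":
    events = analyse_auth_log(SAMPLE_LOG.splitlines())
    for e in events:
        print(e["ts"], e["user"], e["srcip"], e["reason"], e["backends_tried"])
    for h in single_backend_denials(events):
        print(f"no fallthrough: user={h['user']} denied by {h['backends_tried'][0]} only")
```

Run against a real aua log (for example, the lines from the UTM's authentication daemon log viewer), the script makes it easy to see whether a failing local user ever reached a second backend or whether, as in the post, the first DENIED answer ended the attempt.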