USG310: AD Users can't connect IKEv2 since update 4.35 AAPJ0
since updating to firmware 4.35 AAPJ0 AD-users get an "Auth fail", while connecting via IKEv2. Local Users are no problem.
I have checked "AAA-Server" settings and the test function for username still delivers "ok". Auth method is first still "group ad" an second is local.
In IKE log only "auth fail" is diplayed..
Can anyone help?
All Replies
-
Hi @KMB,
The USG310 must join an AD domain.
In the following example, domain name is usg.com.
Go to CONFIGURATION > System > Host Name and enter the domain name.
Go to CONFIGURATION > System > DNS > Address/PTR Record and add a record for AD server.
On AD server, usg310 should appear in Computers.
Go to AAA Server > Active Directory > AD object. Configure Domain Authentication for MSChap.
The user in this field should belongs to “domain admin” on your AD server.
Result: IKEv2 is established with AD account successfully.
0
Categories
- All Categories
- 385 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 74 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight