

User user@mydomain.local failed to login to VPN through AD authentication mechanism because of access not allowed

Hello, 

I am dealing with this problem while trying to use external authentication via AD to manage IPsec user connections. I have created a group on my AD for the users I want to permit access, and on the fw, under remote access, I have given permission to this group after importing it from AD.

I have other firewalls without any issue, but I cannot understand what is wrong with this setup.

I would appreciate any help.

I got this message in the logs when trying to authenticate to the IPsec VPN.

User user@mydomain.local failed to login to VPN through AD authentication mechanism because of access not allowed.

The AD connection tested OK, and I could import the groups. I have a user that is included in the security group that I want to give VPN access.

This is the server_acesss.log portion.

SUCCESS Apr 20 18:10:42.472257Z [access_server]: (check_auth_result): user 'user@mydomain.local'(backend) Authenticated with server id '3'
ERROR Apr 20 18:10:42.479172Z [access_server]: handle_pam_authorization: VPN/SSLVPN/MYACC Authorization Failed, result_code=1

When on debug, I can see in the logs that the groups for the user are correctly enumerated.

Local authentication works with any issue.

Kind Regards,

CR


