
One user is not able to login to the user portal

Hi,

I have successfully configured AD integration for the XG230, all users (200+) on my domain are able to login to the user portal bar one.

All users are part of the same AD group, password on the troubled user has been reset numerous times to make sure that it's not a spelling issue.

But every time I try to login to the XG with the user credentials I just get an Access Denied.

Some background: The username in question was a local username before we moved to AD integration, obviously the username was deleted locally when we connected to the AD.

Is there any kind of user caching or something similar that might conflict with the old and the new usernames?

Any help appreciated.

Regards,

Julius



  • Make sure that there are no special characters (like ' apostrophe) in the username (ANYWHERE - DisplayName, CommonName etc.).

    Can you share a screenshot of Log Viewer (View Logs For -> Authentication) and hover your mouse on the message on the right.

  • Hi Anish,

    Thanks, I will get the name checked for any special characters and get back to you.

    The error from the log viewer is: User X failed to login to MyAccount through AD, Local authentication mechanism because of wrong credetials.

    I went a bit deeper and went into the advanced console and ran "tail -f /var/tslog/access_server.log"

    This gave me the following error:

    ERROR     Aug 26 06:13:41 [4134529856]: adsauth_bind: bind failed: Invalid credentials
    ERROR     Aug 26 06:13:41 [4134529856]: adsauth_authenticate_user: '123.456.789.012:389': bind failed for User: 'DOMAIN\user.name'
    ERROR     Aug 26 06:13:41 [4134529856]: adsauth_authenticate_user: ADS Authentication Failed for User:'user.name@domain.com
    ERROR     Aug 26 06:13:41 [4134529856]: adsauth_parse_error_msg: ad error no: 1329
    ERROR     Aug 26 06:13:41 [4144363328]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed
    MESSAGE   Aug 26 06:13:41 [4144363328]: (update_admin_access_table): Admin user authentication fail from IP 123.456.789.012

    So I did some digging around what AD Error 1329 means:

    ERROR_INVALID_WORKSTATION

    1329 (0x531)

    This user isn't allowed to sign in to this computer.

    So this is pointing me towards an AD issue, something with the user account?

    Thoughts?

    Julius
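
The lookup done by hand in the post above can be scripted when triaging a saved copy of access_server.log. This is an added example, not code from the thread or from Sophos: it pairs each `ad error no` line with the user from the failed bind on the same thread id and decodes the number. Only 1329 appears on the page; the other table entries are standard Win32 logon error codes added here.

```python
import re

# Win32 logon error codes AD attaches to a failed LDAP bind (decimal, as logged).
# Only 1329 is on the page; the other entries are added from the Win32 error list.
AD_LOGON_ERRORS = {
    1317: "ERROR_NO_SUCH_USER",
    1326: "ERROR_LOGON_FAILURE",
    1328: "ERROR_INVALID_LOGON_HOURS",
    1329: "ERROR_INVALID_WORKSTATION",
    1330: "ERROR_PASSWORD_EXPIRED",
    1331: "ERROR_ACCOUNT_DISABLED",
    1793: "ERROR_ACCOUNT_EXPIRED",
    1907: "ERROR_PASSWORD_MUST_CHANGE",
    1909: "ERROR_ACCOUNT_LOCKED_OUT",
}
PREFIX = re.compile(r"^\s*\w+\s+(\w{3}\s+\d+\s+[\d:]{8})\s+\[(\d+)\]:\s+(.*)$")
BIND_USER = re.compile(r"bind failed for User:\s*'([^']+)'")
ERRNO = re.compile(r"ad error no:\s*(\d+)")

def decode_failures(log_text):
    """Pair each 'ad error no' with the user from the failed bind on the same thread id."""
    pending, results = {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not a timestamped log line
        ts, tid, msg = m.groups()
        user = BIND_USER.search(msg)
        if user:
            pending[tid] = user.group(1)
        err = ERRNO.search(msg)
        if err:
            code = int(err.group(1))
            results.append({"time": ts, "user": pending.pop(tid, None), "code": code,
                            "hex": hex(code), "name": AD_LOGON_ERRORS.get(code, "UNKNOWN")})
    return results

# Lines copied from the post above (addresses and names already redacted by the poster).
SAMPLE = r"""
ERROR     Aug 26 06:13:41 [4134529856]: adsauth_bind: bind failed: Invalid credentials
ERROR     Aug 26 06:13:41 [4134529856]: adsauth_authenticate_user: '123.456.789.012:389': bind failed for User: 'DOMAIN\user.name'
ERROR     Aug 26 06:13:41 [4134529856]: adsauth_parse_error_msg: ad error no: 1329
ERROR     Aug 26 06:13:41 [4144363328]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed
"""

if __name__ == "__main__":
    for f in decode_failures(SAMPLE):
        print(f"{f['time']}  {f['user']}  {f['code']} ({f['hex']})  {f['name']}")
```

The decoded name matters because the first log line reports only a generic "Invalid credentials" bind failure, while the numeric code carries the account-level reason.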