jt999
New Member
October 9, 2015
Question

Dialup IPSec with native Windows client support with LDAP authentication


Hi all,

Hoping someone has had this requirement before. I need to configure a dialup VPN with LDAP authentication that the Windows native VPN client can connect to (not using FortiClient or similar).

I can connect with XAUTH disabled using a local firewall account in my User Group, but when I enable XAUTH the debugs suggest that the firewall doesn't get any XAUTH data from the client.

FortiOS 5.2.4

Jason

1 reply

gschmitt
New Member
October 12, 2015

Uhm, XAUTH is something else.

You need to add your LDAP Server at User&Devices > Authentication > LDAP Server and add your AD Group to the user group at User&Devices > User > User Groups.

jt999
Author
New Member
October 12, 2015

gschmitt wrote:

Uhm, XAUTH is something else.

You need to add your LDAP Server at User&Devices > Authentication > LDAP Server and add your AD Group to the user group at User&Devices > User > User Groups.

The LDAP server and user group are already added (and the LDAP authentication works for an admin user on the firewall). It's just the dialup VPN that doesn't appear to be able to deal with it. With XAUTH disabled it doesn't appear to even try the LDAP server, and when it's enabled the clients can't connect unless FortiClient is used.

gschmitt
New Member
October 12, 2015

Can you try using LDAP Authentication in some other context? Like creating a policy with authentication for that user group to access some resource and see if the authentication works there?

Did you use cn or sAMAccountName for the LDAP configuration?

Have you tried using domain\username and just the username for the username?