L2TP MUVPN - Does FB-DB Password need to be same as domain user account?
I've set up an L2TP MUVPN, the 'allowed resources'/'To' is set to 'Any', using Firebox-DB for authentication, the usernames are set to firstname.lastname (which is the same as their domain account).
It connects fine but unless I set the Firebox-DB user account password to be the same as their domain user account password then it won't let the user access any resources like the file shares etc.
Is this correct or have I got something misconfigured? I would have thought these two passwords could have been different.
Many thanks.
Comments
How are your users trying to access a file share?
Via this command?
net use [drive letter] \\computername\sharename password
They're just standard mapped drives that work when they are in the office. Mapped via the UNC path \\computername\sharename
Have you tried using AD for user authentication instead of the Firebox?
Helps when accessing network resources in a Domain environment via VPN.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/active_directory_about_c.html
It's usually something simple.
One can provide a password when mounting a share
That is actually what I wanted to do earlier in the year but I was told by a mod on here that I couldn't and that:
"-L2TP and IKEv2 can log in via RADIUS or Firebox-DB. If you want to use Active Directory with either, you can use the NPS (Network Policy Server) role in Windows to act as a RADIUS server and tie those together."
So can I actually use AD for user authentication with L2TP MUVPN, because that would be my preference?
If you want to authenticate with AD user credentials with L2TP/IKEv2 you need to use the Microsoft NPS RADIUS service.
Just add the NPS server to your AD server….
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/radius_active_directory_l2tp.htm
https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA22A000000XZlhSAG&lang=en_US