VPN Azure AD DS
Hello everyone,
I followed this procedure to set up the SSL VPN with Azure AD users.
It works for several users, but for some users I have a problem: checking the logs, it tells me that the user does not exist, yet it does.
Do you have any ideas?
Here are the logs
2023-09-12 16:17:51 wgcgi sslvpn_auth_domain_get, username:XXXXX, domain:XXXXX.org Déboguer
2023-09-12 16:17:51 wgcgi generate_sslvpn_cookie: username:XXXXX, len(password):15, domain:XXXXX.org Déboguer
2023-09-12 16:17:51 admd receive rqst [XXXXX@XXXXX.org] client=2 result=0 Déboguer
2023-09-12 16:17:51 admd admLdapSessStartBinding: search binding, using built user DN==>XXXXX@XXXXX.org Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd admADSessStartSearching: searchBase==>dc=XXXXX,dc=org, searchFilter==>(sAMAccountName=XXXXX) Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=1 user=XXXXX@XXXXX.org rslt=4 Déboguer
2023-09-12 16:17:51 admd Auth for XXXXX@XXXXX.org result=2 ec=-1(Generic error) msg=user doesn't exist, check your username Déboguer
2023-09-12 16:17:51 admd Authentication of SSLVPN user [XXXXX@XXXXX.org] from 93.28.XX.XXX was rejected, user doesn't exist, check your username msg_id="1100-0005" Événement
2023-09-12 16:17:51 admd wgadmGetUserLoginSettings(): checkOption = 0 for mobile VPN user XXXXX Déboguer
2023-09-12 16:17:51 admd RqstId=0x1156d state=2 user=XXXXX@XXXXX.org rslt=2 Déboguer
2023-09-12 16:17:51 wgcgi SSL VPN user XXXXX@XXXXX.org from 93.28.XX.XXX was rejected - Unspecified. Déboguer
Regards
Comments
If the firewall is checking the authentication server (in this case, AzureAD) and is getting back that the user does not exist, that error is coming from your Auth server. I would suggest checking the authentication logs on Azure AD itself to see if you can find it searching there -- you'll likely get more information about what the problem is in those logs.
-James Carson
WatchGuard Customer Support
Case sensitive user ID issue?
Thank you for your reply.
To view the logs on Azure AD, is this the correct location (screenshot)?
If so, I have no logs for this connection.
@SupportETS I'd suggest opening a support case if you're not seeing anything. Our support team can get your account details and try to track down the issue.
-James Carson
WatchGuard Customer Support
When I open a ticket with WatchGuard, they tell me it's not their problem because it's not related to WatchGuard.
@SupportETS Can you please let me know what the case number is for this? I'd be happy to look into that case for you.
Thank you.
-James Carson
WatchGuard Customer Support
Hello James
Here is the ticket number: 01921604
Thank you
Hi @SupportETS
I made a request to the support manager team to have your case re-opened. The tech assigned to your case should reach out to you via that case.
-James Carson
WatchGuard Customer Support
Hello,
I managed to find the problem on my own.
It comes from the Mail Nickname: the client uses this option and not the UPN.
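As an added example (not from the thread, and not WatchGuard code), a small Python check for the cause reported in the last post: it pairs the firewall's `sAMAccountName` search with the rejected UPN from logs of the same shape as above, and lists accounts whose `mailNickname` differs from the UPN prefix so they can be found before users are rejected. The log lines, the directory export and the rule that the nickname wins when it is set are constructed assumptions.

```python
import re

# Constructed sample log lines in the same shape as the thread's (not real data).
SAMPLE_LOG = """\
2023-09-12 16:17:51 admd admADSessStartSearching: searchBase==>dc=example,dc=org, searchFilter==>(sAMAccountName=jdoe)
2023-09-12 16:17:51 admd Authentication of SSLVPN user [jdoe@example.org] from 198.51.100.7 was rejected, user doesn't exist, check your username msg_id="1100-0005"
"""

# Constructed directory export: UPN -> mailNickname (assumed to be the name the directory keys on).
SAMPLE_DIRECTORY = {
    "jdoe@example.org": "john.doe",   # nickname differs from UPN prefix -> lookup by "jdoe" fails
    "asmith@example.org": "asmith",   # consistent -> fine
    "bob@example.org": "",            # nickname unset -> assume the UPN prefix is used
}

FILTER_RE = re.compile(r"searchFilter==>\(sAMAccountName=([^)]+)\)")
REJECT_RE = re.compile(r"SSLVPN user \[([^\]]+)\] .* was rejected, user doesn't exist")

def rejected_lookups(log_text):
    """Pair each 'user doesn't exist' rejection with the sAMAccountName the firewall searched for."""
    searched = None
    pairs = []
    for line in log_text.splitlines():
        m = FILTER_RE.search(line)
        if m:
            searched = m.group(1)   # remember the most recent search filter value
            continue
        m = REJECT_RE.search(line)
        if m:
            pairs.append((m.group(1), searched))
    return pairs

def expected_sam(upn, directory):
    """Name the directory will match: mailNickname when set, otherwise the UPN prefix (assumption)."""
    nick = directory.get(upn, "")
    return nick if nick else upn.split("@", 1)[0]

def nickname_mismatches(directory):
    """UPNs whose mailNickname differs from the UPN prefix: a UPN-prefix search will not find them."""
    return sorted(upn for upn in directory if expected_sam(upn, directory) != upn.split("@", 1)[0])

def explain(log_text, directory):
    """For each rejection: (UPN, name the firewall searched, name the directory would have matched)."""
    return [(upn, searched, expected_sam(upn, directory)) for upn, searched in rejected_lookups(log_text)]

if __name__ == "__main__":
    for upn, searched, expected in explain(SAMPLE_LOG, SAMPLE_DIRECTORY):
        print(f"{upn}: firewall searched sAMAccountName={searched}, directory expects {expected}")
    print("accounts at risk:", nickname_mismatches(SAMPLE_DIRECTORY))
```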