ssl vpn "authentication failed" for new user
Hi,
I created a new user in our AD and put him in the same AD group where the other VPN users are (the group is added to the Firebox). I can't log in; I get "auth failed". I'm trying to understand which AD field is used for authentication. For a reason I don't remember, users are using the format "user@ourdomain.com" for logging in through the VPN.
What is this @ourdomain.com suffix for? Our real AD domain is smthng.ourdomain.com.
How can I debug the "auth failed" error?
Comments
ourdomain.com is probably what you have set up as your AD server name in your XTM config.
See the "Specify the Client Connection Settings" section, here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_client-install_c.html
You can turn on diagnostic logging for Authentication which may show something to help:
In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Authentication
In the Web UI: System -> Diagnostic Log
Set the slider to Information or higher
As I recall from a good while back, XTM uses a cached version of the AD group, so it may take some time before a user added to the AD group can successfully authenticate.