ssl vpn "authentication failed" for new user

Hi,
I created a new user in our AD and put him in the same AD group where the other VPN users are (the group is added to the Firebox). I can't log in: "auth failed". I am trying to understand what AD field is used for authentication. For a reason I don't remember, users are using the format "user@ourdomain.com" for logging in through the VPN.
What is this @ourdomain.com suffix for? Our real AD domain is smthng.ourdomain.com.
How can I debug the "auth failed" error?

Comments

    ourdomain.com is probably what you have set up as your AD server name in your XTM config.
    See the "Specify the Client Connection Settings" section, here:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_client-install_c.html

    You can turn on diagnostic logging for Authentication which may show something to help:
    In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Authentication
    In the Web UI: System -> Diagnostic Log
    Set the slider to Information or higher

    As I recall from a good while back, XTM uses a cached version of the AD group, so it may take some time before a user added to the AD group can successfully authenticate.
