VPN authentication OK, user authentication KO

Reply
Highlighted
L1 Bithead

VPN authentication OK, user authentication KO

Hello

We have an active directory forest with 2 domains:

The first one as been configured in our PA2020 to allow VPN access through Radius and then we use AD groups to make policies rules.

All works fine. At login, users specify “username” and password without domain name.

Radius allows access and in PA2020 logs we can see user name: “domain1\username”

We need to add the second domain.

So we do the radius configuration, and then when user specify “domain2”\username the VPN login is allowed but the authentication transmit after radius login is wrong:          “domain1\domain2\username”

We use a PA2020 cluster in 3.1.9.

How correct this?

Thanks in advance.

L4 Transporter

Re: VPN authentication OK, user authentication KO

Are you using the same Radius server?

It sounds like the radius server is setup with the AD/Domain prefixed and when you use the second domain its prefixing the 1st domain to the second domain.  Please contact support directly for assistance in setting up your authentication.

(8660 898-9087 or create a new case from your support portal.

Thank you,

Phil

L1 Bithead

Re: VPN authentication OK, user authentication KO

Hi thanks for answer.

Yes we use the same twin of radius server.

Yes it's exactly what's happen. But the it's a bugg for us, just a little verification on the CHAR if caracter "\" "or "@" is present, do not prefix username.
A case was opened yesterday by our support.

Thanks,

JHA

L1 Bithead

Re: VPN authentication OK, user authentication KO

Hi,

just an upgrade to 4.0.3 from 3.1.9 and all work fine.

I think that an issue was fixed without any report in release note.

bye,

JHA

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!