Running 4.0.5 here.
I setup SSL VPN a while ago, and setup an authentication profile to pull from our Active Directory via Kerberos. I have an AD group and I only want the members of that group (or members of groups that are children of that master group) to have VPN access.
I only add that single group to the allow list, and nothing else.
For some period of time, this was working correctly. I have users that are in that group and could access the VPN, as well as users in sub-groups that could also access it.
After some period of time, with zero changes to anything SSL-VPN or authentication related, this has stopped working. I'm now getting a generic "invalid username or password" error, when it was working perfectly in the past.
If I edit the authentication profile and remove the group restriction and instead change to "all," everything works again, but I am no longer restricting VPN access as I would like.
What's going on here?
I have found from searches that group restrictions are not supported with LDAP... but I'm using Kerberos and couldn't find anything about it one way or another. If it is not supposed to work with group restrictions, how the heck was it working for me in the past!?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!