VPN authentication OK, user authentication KO

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

VPN authentication OK, user authentication KO

L1 Bithead

Hello

We have an active directory forest with 2 domains:

The first one as been configured in our PA2020 to allow VPN access through Radius and then we use AD groups to make policies rules.

All works fine. At login, users specify “username” and password without domain name.

Radius allows access and in PA2020 logs we can see user name: “domain1\username”

We need to add the second domain.

So we do the radius configuration, and then when user specify “domain2”\username the VPN login is allowed but the authentication transmit after radius login is wrong:          “domain1\domain2\username”

We use a PA2020 cluster in 3.1.9.

How correct this?

Thanks in advance.

3 REPLIES 3

L4 Transporter

Are you using the same Radius server?

It sounds like the radius server is setup with the AD/Domain prefixed and when you use the second domain its prefixing the 1st domain to the second domain.  Please contact support directly for assistance in setting up your authentication.

(8660 898-9087 or create a new case from your support portal.

Thank you,

Phil

Hi thanks for answer.

Yes we use the same twin of radius server.

Yes it's exactly what's happen. But the it's a bugg for us, just a little verification on the CHAR if caracter "\" "or "@" is present, do not prefix username.
A case was opened yesterday by our support.

Thanks,

JHA

L1 Bithead

Hi,

just an upgrade to 4.0.3 from 3.1.9 and all work fine.

I think that an issue was fixed without any report in release note.

bye,

JHA

  • 2434 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!