Netgate Discussion Forum

Login issue with IPsec IKEv2 using Active Directory Authentication

    solignis
    last edited by Dec 10, 2015, 12:33 AM Dec 10, 2015, 12:30 AM

    I am kind of lost here and hoping someone can tell me what I am doing wrong.

    I am trying to set up a mobile IKEv2 system on my pfSense lab box. I started by following the instructions here: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

    In short everything works perfectly if I follow the instructions verbatim and use the "local database" for authentication. I assigned username and passwords using the EAP option in the Pre-Shared-Keys tab.

    Like I said that part works fine on all machines I have tested it on.

    What is not working is when I try to set the authentication database to use my AD server. I started by adding my AD server to the authentication servers under user management (see attachment).

    Next I set the mobile clients to use my AD server DC01 as the authentication database (see attachment).

    I do not have any pre-shared keys added, all previous keys are gone.

    When I go to my Win 7 VM and try to connect, it keeps telling me my password is not correct. The same thing occurs on my Win 10 VM also.

    I have verified time and time again that the credentials are "mostly" correct. I say mostly because I know the account exists and I have the right username and password. However that is where I end.

    Can anyone please give me some assistance or even a clue of where the issue could look?

    Thanks!

    EDIT

    Here is the IPsec log from the firewall too.
    ![2015-12-09 19_22_55-DC01 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_22_55-DC01 - VMware Workstation.png)
    ![2015-12-09 19_25_17-DC01 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_25_17-DC01 - VMware Workstation.png)
    ![2015-12-09 19_28_01-Windows 7 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_28_01-Windows 7 - VMware Workstation.png)
    [ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)

      ltctech
      last edited by Dec 13, 2015, 2:41 PM

      You cannot do what you're trying to do:
      https://forum.pfsense.org/index.php?topic=90753.msg504731#msg504731

      Install and set up NPS/IAS on your AD server. Add it as a RADIUS server to pfSense. Then use EAP-Radius for authentication.
