Login issue with IPsec IKEv2 using Active Directory Authentication
I am kind of lost here and hoping someone can tell me what I am doing wrong.
I am trying to setup a mobile IKEv2 system on my pfSense lab box. I started by following the instructions here; https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
In short everything works perfectly if I follow the instructions verbatim and use the "local database" for authentication. I assigned username and passwords using the EAP option in the Pre-Shared-Keys tab.
Like I said that part works fine on all machines I have tested it on.
What is not working is when I try to set the authentication database to use my AD server. I started by adding my AD server to the authentication servers under user management (see attachment).
Next I set the mobile clients to use my AD server DC01 as the authentication database (see attachment).
I do not have any pre-shared keys added, all previous keys are gone.
When I go to my Win 7 VM and try to connect it keeps tell me my password is not correct. The same thing occurs on my Win 10 VM also.
I have verified time and time again that the credentials are "mostly" correct. I say mostly because I know the account exists and I have the right username and password. However that is where I end.
Can anyone please give me some assistance or even a clue of where the issue could look?
Here is the IPsec log from the firewall too.
![2015-12-09 19_22_55-DC01 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_22_55-DC01 - VMware Workstation.png)
![2015-12-09 19_22_55-DC01 - VMware Workstation.png_thumb](/public/imported_attachments/1/2015-12-09 19_22_55-DC01 - VMware Workstation.png_thumb)
![2015-12-09 19_25_17-DC01 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_25_17-DC01 - VMware Workstation.png)
![2015-12-09 19_25_17-DC01 - VMware Workstation.png_thumb](/public/imported_attachments/1/2015-12-09 19_25_17-DC01 - VMware Workstation.png_thumb)
![2015-12-09 19_28_01-Windows 7 - VMware Workstation.png](/public/imported_attachments/1/2015-12-09 19_28_01-Windows 7 - VMware Workstation.png)
![2015-12-09 19_28_01-Windows 7 - VMware Workstation.png_thumb](/public/imported_attachments/1/2015-12-09 19_28_01-Windows 7 - VMware Workstation.png_thumb)
[ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)
You cannot do what you're trying to do:
Install and setup NPS/IAS on your AD server. Add it as a RADIUS server to pfSense. Then use EAP-Radius for authentication.