Login issue with IPsec IKEv2 using Active Directory Authentication
-
I am kind of lost here and hoping someone can tell me what I am doing wrong.
I am trying to set up a mobile IKEv2 system on my pfSense lab box. I started by following the instructions here: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2
In short everything works perfectly if I follow the instructions verbatim and use the "local database" for authentication. I assigned username and passwords using the EAP option in the Pre-Shared-Keys tab.
Like I said, that part works fine on all machines I have tested it on.
What is not working is when I try to set the authentication database to use my AD server. I started by adding my AD server to the authentication servers under user management (see attachment).
Next I set the mobile clients to use my AD server DC01 as the authentication database (see attachment).
I do not have any pre-shared keys added; all previous keys are gone.
When I go to my Win 7 VM and try to connect it keeps telling me my password is not correct. The same thing occurs on my Win 10 VM also.
I have verified time and time again that the credentials are "mostly" correct. I say mostly because I know the account exists and I have the right username and password. However that is where I end.
Can anyone please give me some assistance or even a clue of where to look for the issue?
Thanks!
EDIT
Here is the IPsec log from the firewall too.
[ipsec log.txt](/public/imported_attachments/1/ipsec log.txt)
-
You cannot do what you're trying to do:
https://forum.pfsense.org/index.php?topic=90753.msg504731#msg504731
Install and set up NPS/IAS on your AD server. Add it as a RADIUS server to pfSense. Then use EAP-RADIUS for authentication.
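The NPS side of the answer above, as an added example that is not part of the thread and not pfSense's or Microsoft's own documentation: it installs the Network Policy Server role on the domain controller, registers it in AD, and adds pfSense as a RADIUS client with a freshly generated shared secret. The client name "pfsense-lab" and the address 192.0.2.1 are assumed placeholder values; substitute the firewall's real address. Run it in an elevated PowerShell session on the AD server.

```powershell
# Added example (not from the forum thread): prepare NPS on the AD server so
# pfSense can use it as a RADIUS backend for EAP-MSCHAPv2 IKEv2 clients.
# Assumed placeholder values: pfSense address 192.0.2.1, client name "pfsense-lab".

# 1. Install the Network Policy and Access Services role (NPS) with its console.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Register NPS in Active Directory so it is allowed to read the users'
#    dial-in properties during authentication (netsh is the tool for this step).
netsh nps add registeredserver

# 3. Generate a random shared secret; the same value is pasted into pfSense
#    under System > User Manager > Authentication Servers when adding the RADIUS server.
$secretBytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($secretBytes)
$sharedSecret = [Convert]::ToBase64String($secretBytes)

# 4. Add the firewall as a RADIUS client. NPS only answers requests that come
#    from a registered client address and carry the matching secret.
New-NpsRadiusClient -Name 'pfsense-lab' -Address '192.0.2.1' -SharedSecret $sharedSecret

# 5. Confirm the client entry exists.
Get-NpsRadiusClient | Where-Object Name -eq 'pfsense-lab' | Format-List Name, Address

# Show the secret once so it can be copied to pfSense; it is not stored anywhere else.
Write-Host "Shared secret for the pfSense RADIUS server entry: $sharedSecret"
```

After this, a Network Policy that grants access for the VPN users and lists "Microsoft: Secured password (EAP-MSCHAP v2)" as the EAP type still has to be created in the NPS console; pfSense then gets the server added as a RADIUS authentication server and the mobile clients' authentication set to EAP-RADIUS, as the answer describes. Generating the secret from the OS random number generator rather than typing one avoids the short, guessable secrets that make RADIUS traffic between the firewall and the domain controller easy to tamper with.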