Netgate Discussion Forum

    Login issue with IPsec IKEv2 using Active Directory Authentication

      solignis

      I am kind of lost here and hoping someone can tell me what I am doing wrong.

      I am trying to set up a mobile IKEv2 system on my pfSense lab box. I started by following the instructions here: https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

      In short everything works perfectly if I follow the instructions verbatim and use the "local database" for authentication. I assigned username and passwords using the EAP option in the Pre-Shared-Keys tab.

      Like I said that part works fine on all machines I have tested it on.

      What is not working is when I try to set the authentication database to use my AD server. I started by adding my AD server to the authentication servers under user management (see attachment).

      Next I set the mobile clients to use my AD server DC01 as the authentication database (see attachment).

      I do not have any pre-shared keys added, all previous keys are gone.

      When I go to my Win 7 VM and try to connect, it keeps telling me my password is not correct. The same thing occurs on my Win 10 VM also.

      I have verified time and time again that the credentials are "mostly" correct. I say mostly because I know the account exists and I have the right username and password. However that is where I end.

      Can anyone please give me some assistance, or even a clue as to where the issue could lie?

      Thanks!

      EDIT

      Here is the IPsec log from the firewall too.

      Attachments:
      • 2015-12-09 19_22_55-DC01 - VMware Workstation.png (screenshot from DC01)
      • 2015-12-09 19_25_17-DC01 - VMware Workstation.png (screenshot from DC01)
      • 2015-12-09 19_28_01-Windows 7 - VMware Workstation.png (screenshot from the Windows 7 client)
      • ipsec log.txt

        ltctech

        You cannot do what you're trying to do:
        https://forum.pfsense.org/index.php?topic=90753.msg504731#msg504731

        Install and set up NPS/IAS on your AD server. Add it as a RADIUS server to pfSense. Then use EAP-RADIUS for authentication.

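The server-side half of the suggestion above, as an added example that is not part of either post: an elevated PowerShell session on the domain controller (DC01 in the thread) installs the NPS role, registers the server in AD, and adds the pfSense box as a RADIUS client. The client name `pfsense-lab`, the pfSense address `192.0.2.1` and the shared secret are assumptions; substitute your own values.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell
# on the domain controller. Client name, pfSense address and the shared
# secret are placeholders (assumptions), not values from the original post.

# 1. Install the Network Policy Server role (NPS is the successor of IAS).
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Register NPS in Active Directory so it may read account dial-in
#    properties and validate credentials. This is what "Register server in
#    Active Directory" in the NPS console does: it adds the computer account
#    to the "RAS and IAS Servers" domain group.
Import-Module ActiveDirectory
$self = Get-ADComputer -Identity $env:COMPUTERNAME
Add-ADGroupMember -Identity 'RAS and IAS Servers' -Members $self

# 3. Add pfSense as a RADIUS client. The address must be the interface
#    pfSense sources its RADIUS requests from (assumed 192.0.2.1 here), and
#    the secret must match the one entered in pfSense under
#    System > User Manager > Authentication Servers for this RADIUS server.
$secure = Read-Host -Prompt 'RADIUS shared secret for pfSense' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$secret = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

New-NpsRadiusClient -Name 'pfsense-lab' -Address '192.0.2.1' -SharedSecret $secret

# 4. Confirm the client was created.
Get-NpsRadiusClient -Name 'pfsense-lab'
```

NPS has no cmdlet for creating the network policy itself, so that step stays in the NPS console: create a Network Policy granting access to the VPN users group, with an EAP type the clients actually send (the built-in Windows IKEv2 client uses EAP-MSCHAP v2). On the pfSense side, add the NPS server under System > User Manager > Authentication Servers as type RADIUS with the same secret, then on the IPsec Mobile Clients tab set authentication to EAP-RADIUS and select that server. Diagnostics > Authentication in pfSense lets you test a username and password against the RADIUS server before involving a VPN client, which separates RADIUS or AD problems from IKEv2 ones.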
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.