Re: User is not authorized error when trying to connect to VPN using an LDAP user - RV345P

raed@trackeeper.com · ‎04-22-2019

I have an RV345P router, I configured the ssl-vpn to be accessed using ldap. When a user tries to connect using AnyConnect it shows incorrect user/password and the router logs:

[log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_aaa_stubs.c.113[74753470] sbtg_authorize: user(xxxxx) is not authorized to access VPN service]

How to authorize ldap users to access ssl-vpn?

dagamone · ‎10-02-2019

This happened to me as well, I tried both with RADIUS and LDAP using Jumpcloud service but none of them work, and I get the same results. i can only authenticate VPN users by localdb. I am using RV345W

gregorymkeller · ‎10-03-2019

Raed,

I'm Greg with JumpCloud. Sorry to hear you're having issues connecting with your Cisco appliance. We have 1000's of orgs integrating Cisco equipment through both our LDAP and RADIUS services. It's hard to troubleshoot here given there is not enough information, so I heavily suggest pinging our support team at support@jumpcloud.com and they will go deep. When we see authorization messages like that, very often it is related to group membership assignments. As an example, once you have set up and tested the RADIUS or LDAP interfaces and seen a successful handshake, user accounts typically need to be part of a User Group in JumpCloud which is the basis of the Auth'Z which your equipment will check for. e.g. "The user has been authenticated, but are they in a group authorized to leverage the network?" To do this for LDAP, your JumpCloud User Group must be set to be an LDAP user group. This is done by selecting the LDAP toggle in the 'Directories' tab of a User Group.

Beyond that, there's not enough info here for us to help you trouble shoot so please ping our support team.

Best.

Greg