Re: VPN 3030 authentication fails

haleemk · ‎01-24-2004

Hi,

I have configured 3030 concentrator for my remote access services.Currently I am using Internal group (internal database of 3030) for authenticating users.I have MS 2000 Active directory as our Corporate Network File Server.Instead of creating accounts in 3030 I want to use existing Active directory accounts so that while creating IPSec it should be authenticaed with Active directory server.

for this,I go to Configuration/System/Servers-->Authentication and add Kerberos/Active directory with correct IP and Realm in Capital letter. But when I test using the Test button it prompts me for Username/password. I apply username and password but then it gives me following message

Authentication Rejected:Reason unspecified.

Pl help ..am I following correct procedure ???

Thanx Haleem

mmandel · ‎01-28-2004

hmmm, ok, we have the same setup, VPN3005, and we have a Windows Server 2003 Active Directory. But.. for authentication server, I have NT Domain, instead of the Kerberos/Active Dir. Try that.

Also, in the username field try domain\username

using the NETBIOS name of your domain.

Make sure you specify the DC by name.

..can you PING your DC by name with the ping tool?

haleemk · ‎02-10-2004

I can ping DC by name.But still Test fails.I doubt whether server name convention is tool long or VPN doesn't understand - character.

My server name is

abc-def-srv-001.company.com.xz (not exact name but in same format)

Report Inappropriate Content · ‎04-11-2004

Hey,

Thanks a lot for that suggestion!! I was trying everything, except what you told me,to get this thing working. As soon as I put NT domain instead of Kerberos,everything worked like a charm!! I really appreciate it.