I have a 3005 VPN Concentrator, and hav e noticed a recurring pattern with a number of users. I am using Windows 2003 R2 Active Director for authentication.
If they happen to have a user name that is unusually long (i.e. more than 12 characters) the Cisco 4.8 VPN client will refuse to allow them to authenticate to the VPN Concentrator, until I enable the "Do not require Kerberos preauthentication" switch on their account, at which point they authenticate fine.
Am I hitting some sort of Kerberos hash length limitation, with users with unusually long login names?