VPN 3000 and Microsoft Active Directory problems

johnsos
Level 1

Has anyone heard of any problems with VPN3000 and Microsoft AD authentication? We are having issues currently. We used NT Domain authentication before but have since upgraded to AD, and with that nothing works. Luckily this is still in our trial period with our customers of about 150. We planned on rolling it out, but with this problem we had to postpone. Any thoughts would be helpful. The VPN box is currently running the latest version, 4.0.1.c-k9.

4 Replies

edmonds_robert
Level 1

I believe you must run RADIUS authentication to authenticate to an AD domain. At the very least, I know it works. That's how I do it. Give it a try.

Just an update. We use RADIUS, but these requests fall into our Default Group in RADIUS, which is set up to authenticate to the DOMAIN. It worked when we had NT, but since Active Directory all VPN authentication broke for VPN connections. That said, we also use our RADIUS to authenticate our Wireless customers (802.11b LEAP); they also used NT Domain auth. We opened a P1 case with TAC and they had us install a patch for RADIUS, and now the Wireless customers are working with AD. You would have thought that this would also have fixed my problem with VPN, since they are both using the Default Group in RADIUS. Thanks for your reply.

What version of RADIUS are you running? I had the same problem running Cisco Secure ACS v2.6. I went ahead and upgraded to v3.1 and it fixed my authentication problems.

I am running Cisco ACS 3.21 authenticating wireless and VPN clients against both NT and AD domains. Had some problems and got a patch from Cisco to correct the order in which it selects external domains to try authentication.