I am now trying to use the Cert Server as the mode of authentication, so that the user is able to login to SSL VPN just by double-click the network connect icon. Encountered the following messages in the user logs:
1) Login failed using auth server Cert server (Certificate Server). Reason: Failed
2) Primary authentication failed for <user>/Cert server from <external IP address>
1) How can I know what is the "User Name Template" when configuring the cert Server?
2) My LDAP authentication is not set up. Can it cause the Cert server to have problems?
3) My Active Directory computer only has domain\administrator account (set up by others). How can I add the SA700 to join the domain?
some posts ago in this thread i told you exactly what to do to get the IVE as memberserver into your active directory.
So simply do it and everything should be right.
When u use domain\Administrator it wont work.
So ask the Active Directory - Stuff to create a Domainuser with permission to create objects in a special OU in Active Directory (lets call the OU "VPN Users"), and let them give you the credentials of this special useraccount so you can do your job..
When u get this running (according to my howto..) you wont need any LDAP. Winbind will do all the job of authenticating and autorizing users for you - also users from trusted domains, if needed.
Or watch this screenshot-howto, this works fine ...
dusannovakovic, your link to to your graphic was great, we had been running fine for years and just swapped to mag2600's in a cluster, imported the config from our SA running the same code base and i recieved the errors specified in this thread, very odd since the setting work fine in our production unit. Anyhow, went through and changed AD server names to just IP, removed the dashes from the computer names, and also left it with just kerberos and presto, everything worked. Odd but oh well. As for the yellow warning about server is either not a domain controller...... i still get that, but i hav been getting that since we started using the SSL way back from the 6.0 code base.... not sure why it pops up, chalk it up to something that development should either remove or clarify to whats causing the issue.