Hi team, I’m trying the following configuration, ¿is it possible? I don't know if there is any incompatibilty. Always ON VPN + machine authentication + secondary user authentication (LDAP) Which I want is that our laptops establish the vpn connection during startup based on machine authentication (when the user haven’t login in windows yet). When the user logins in Windows, the vpn connection (created by machine) is replaced with a vpn based on user credentials. As these docs explain: https://docs.pulsesecure.net/WebHelp/PDC/9.0R1/Content/PDC_AdminGuide_9.0R1/Machine_and_User_Authentication_1.htm https://docs.pulsesecure.net/WebHelp/PDC/9.0R1/Content/PDC_AdminGuide_9.0R1/Pulse_Connection_is_Established_3.htm -> Figure 66 and Figure 68 I could not get it to work. Analyzing logs I can see the PSA checks the certificate, the primary authentication is successful, and then PSA try to validate user/pass, but the user hadn’t login yet, failling. The first VPN connection based only on machine authentication doesn’t establish. When the user logins in windows, then the VPN is established. 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Login failed using auth server Local_auth_server (Local Authentication). Reason: Failed -->> For testing purposes I'm using local auth 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Secondary authentication failed for host/host.dom/Local_auth_server from 10.16.0.30 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Password realm restrictions successfully passed for user/REALM_XXX , with certificate 'Certificate' 2021-02-03 14:10:06 - ive - [10.16.0.30] Default Network::user(REALM_XXX)[] - Primary authentication successful for user/AUTHSERV_Cert_Ministerio from 10.16.0.30 Thanks
... View more