Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » 9.2.2- can't connect to VPN using domain accoun (9.2.2- can't connect to VPN using domain accoun)
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Hi. I have Kerio Control 9.2.2, VPN IPsec is configured. Kerio is a member of Active Directory, verification is successful.

In user's settings in AD incoming connections are allowed, in Kerio settings for this user option "configuration for this user is defined domain template" chosen.
In the properties of VPN interface option "Turn on MS-CHAP v2 authenticaton" is not chosen
VPN on client is made using standard (Operating System) connection.
When I try to connect to Kerio VPN from Windows Client, I get 741 vpn error. I can connect to Windows RRAS VPN using same computer, same user.
I can connect to Kerio VPN using Kerio internal user instead of AD user.
I suspect that there are some bugs of misconfiguration of Kerio.
Please help me resolve the problem.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Does your template for domain users have "User can connect using VPN" enabled ?

Petr Dobry
Product Development Manager | Kerio
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Petr Dobry (Kerio) wrote on Wed, 26 April 2017 03:44
Does your template for domain users have "User can connect using VPN" enabled ?

Yes, as I wrote - I can connect to VPN provided by RRAS Windows using the same user, AD, computer.
  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user

Brian Carmichael
Instructional Content Architect
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
I tried clients XP, 7, 8 - on all of them I experienced the problem.

[Updated on: Wed, 26 April 2017 07:12]

  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
__guest__ wrote on Wed, 26 April 2017 05:05
Petr Dobry (Kerio) wrote on Wed, 26 April 2017 03:44
Does your template for domain users have "User can connect using VPN" enabled ?

Yes, as I wrote - I can connect to VPN provided by RRAS Windows using the same user, AD, computer.


I'm talking about domain template in Kerio Control.

Petr Dobry
Product Development Manager | Kerio
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Petr Dobry (Kerio) wrote on Wed, 26 April 2017 13:54
__guest__ wrote on Wed, 26 April 2017 05:05
Petr Dobry (Kerio) wrote on Wed, 26 April 2017 03:44
Does your template for domain users have "User can connect using VPN" enabled ?

Yes, as I wrote - I can connect to VPN provided by RRAS Windows using the same user, AD, computer.


I'm talking about domain template in Kerio Control.

- I can't understand you. There are different domain templates in Kerio Control ? - I can't find them. You you mean "domain template" - OS of Domain Controller ? Please answer more in details.
Also, I've tried to modify registry on my client as written on kb article that you've provided - the problem did not solved.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
I mean the Template button in Kerio Control user list

./fa/4645/0/


Petr Dobry
Product Development Manager | Kerio
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Thank you, this setting helped me, but using Kerio VPN, not IP Sec.
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Hello, the problem is not solved. On today:
1. Kerio Control 9.2.2, domain member
2. Domain users
- in AD, in domain user's properties in "Dial-in" tab - is set "Allow Access" - user can't connect to VPN.
If I in Kerio- > - Users- Template set "User can connect using VPN" - user can connect to VPN, - BUT - in this case, any domain user can connect to VPN, even if user has option set "Deny access" in "Dial in" tab of its properties.
I suspect that there is some bug in Kerio
How to resolve the problem - allow domain users to connect to VPN using user properties of AD ?
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Quote:

How to resolve the problem - allow domain users to connect to VPN using user properties of AD ?

That is not currenlty possible. VPN access is driven solely by Control settings. Kerio Control does not use AD properties for that.

If you want to allow VPN only for some users, you have to edit the user and use own settings in Control, not the domain template.

Petr Dobry
Product Development Manager | Kerio
  •  
__guest__

Messages: 20
Karma: 0
Send a private message to this user
Hello - is this buh or unfinished feature ?
Previous Topic: Force logout of authenticated user
Next Topic: Using Parent Proxy on Transparent Proxy Traffic
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 02:10:02 CEST 2017

Total time taken to generate the page: 0.00684 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.