SonicWALL SSL-VPN 4000 - Active directory integration

Posted on 2013-12-24
Medium Priority
Last Modified: 2014-04-02
I recently started my current job, and last week the primary domain controller died.  Little did we know that it was not replicating correctly.  In the end, I had to seize the roles on the secondary, and our backup software (AD backups) does not back up GPO objects, so they are all lost.

Our SSL-VPN device was authenticating users just fine through an Active Directory connection, but since the recovery, it keeps saying users are "not a member of the permitted AD group(s)". The workaround is to remove the security groups that are allowed, which lets everyone use it. I want to secure this back up.  Here is a copy of the log (newest entry on top):

2013-12-24 13:29:29 Warning Authentication jthompson User login failed

2013-12-24 13:29:29 Debug Authentication jthompson Login failed - Not a member of permitted AD group(s)  

2013-12-24 13:29:29 Debug Authentication jthompson Matched 0/2 groups (0.00%)

2013-12-24 13:29:29 Debug Authentication jthompson No match for AD group: ssl-vpn-auth

2013-12-24 13:29:29 Debug Authentication jthompson No match for AD group: SSL-NetExtender-HQ

2013-12-24 13:29:29 Debug Authentication jthompson Considering SSL-VPN group: VPN

2013-12-24 13:29:29 Debug Authentication jthompson Found existing SSL-VPN group: amervend

2013-12-24 13:29:29 Debug Authentication jthompson Error in binding to LDAP server: Local error (82)

2013-12-24 13:29:29 Debug Authentication jthompson Kerberos login successful

2013-12-24 13:29:29 Debug Authentication jthompson Attempting AD/Kerberos login (principal: 'jthompson@AMERVEND.AFVUSA.COM', realm: 'amervend.afvusa.com')
2013-12-24 13:29:29 Debug Authentication jthompson Login attempt: domain: 'VPN'

Also, if I go to Users --> Local Groups --> configure group --> AD Groups tab --> configure and enter a domain name and password, I get the same error as above:
"Error in binding to LDAP server: Local error (82)"
Question by:Madlife6
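The log above shows the useful ordering of events once it is read oldest-first: Kerberos authentication succeeds, the appliance's LDAP bind fails with "Local error (82)", and only then are the two permitted groups evaluated and reported as unmatched. The following added example (not code from the question or from SonicWALL) parses appliance lines in exactly the format quoted above and classifies each user's attempt by the stage at which it failed, so a 0/2 group match that follows a bind error is not mistaken for a genuine non-member. The first sample is the question's own log lines re-ordered chronologically; the second sample and the user "bsmith" in it are constructed for contrast.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the appliance log lines quoted in the question, re-ordered
# oldest first (the question lists the newest entry on top).
SAMPLE_LOG_BIND_ERROR = """\
2013-12-24 13:29:29 Debug Authentication jthompson Login attempt: domain: 'VPN'
2013-12-24 13:29:29 Debug Authentication jthompson Attempting AD/Kerberos login (principal: 'jthompson@AMERVEND.AFVUSA.COM', realm: 'amervend.afvusa.com')
2013-12-24 13:29:29 Debug Authentication jthompson Kerberos login successful
2013-12-24 13:29:29 Debug Authentication jthompson Error in binding to LDAP server: Local error (82)
2013-12-24 13:29:29 Debug Authentication jthompson Found existing SSL-VPN group: amervend
2013-12-24 13:29:29 Debug Authentication jthompson Considering SSL-VPN group: VPN
2013-12-24 13:29:29 Debug Authentication jthompson No match for AD group: SSL-NetExtender-HQ
2013-12-24 13:29:29 Debug Authentication jthompson No match for AD group: ssl-vpn-auth
2013-12-24 13:29:29 Debug Authentication jthompson Matched 0/2 groups (0.00%)
2013-12-24 13:29:29 Debug Authentication jthompson Login failed - Not a member of permitted AD group(s)
2013-12-24 13:29:29 Warning Authentication jthompson User login failed
"""

# Constructed contrast case (hypothetical user, same message format): the LDAP
# bind succeeds, so a 0/2 match genuinely means the user is outside both groups.
SAMPLE_LOG_NOT_MEMBER = """\
2013-12-24 14:02:10 Debug Authentication bsmith Login attempt: domain: 'VPN'
2013-12-24 14:02:10 Debug Authentication bsmith Kerberos login successful
2013-12-24 14:02:10 Debug Authentication bsmith No match for AD group: SSL-NetExtender-HQ
2013-12-24 14:02:10 Debug Authentication bsmith No match for AD group: ssl-vpn-auth
2013-12-24 14:02:10 Debug Authentication bsmith Matched 0/2 groups (0.00%)
2013-12-24 14:02:10 Debug Authentication bsmith Login failed - Not a member of permitted AD group(s)
2013-12-24 14:02:10 Warning Authentication bsmith User login failed
"""

# Line layout as quoted in the question: timestamp, level, category, user, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<level>\w+) "
    r"(?P<category>\w+) (?P<user>\S+) (?P<msg>.*)$"
)
BIND_ERR_RE = re.compile(r"Error in binding to LDAP server: (?P<text>.*?) \((?P<code>\d+)\)")
MATCH_RE = re.compile(r"Matched (?P<hit>\d+)/(?P<total>\d+) groups")
NO_MATCH_PREFIX = "No match for AD group: "

# Defender-facing reading of each failure stage. The ldap_bind hint reflects the
# outcome in this thread: the appliance authenticated the user but could not read
# group membership, and pointing it at a healthy domain controller resolved it.
STAGE_HINTS = {
    "kerberos": "Credential or realm problem: Kerberos login did not succeed.",
    "ldap_bind": ("LDAP bind failed after Kerberos succeeded; the 0-group match is a "
                  "side effect, not proof the user is outside the groups. Check the "
                  "directory server the appliance points at and its bind account."),
    "group_membership": "Directory reachable; the user really is in none of the permitted groups.",
    "ok": "Login completed.",
}


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split appliance log text into one dict per recognised line."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def diagnose(events: List[Dict[str, str]]) -> Dict[str, dict]:
    """Group events per user and decide at which stage the login attempt failed."""
    by_user: Dict[str, List[str]] = {}
    for e in events:
        by_user.setdefault(e["user"], []).append(e["msg"])

    report: Dict[str, dict] = {}
    for user, msgs in by_user.items():
        bind_error: Optional[Tuple[str, int]] = None
        matched: Optional[int] = None
        required: Optional[int] = None
        unmatched: List[str] = []
        for msg in msgs:
            if m := BIND_ERR_RE.search(msg):
                bind_error = (m["text"], int(m["code"]))
            elif m := MATCH_RE.match(msg):
                matched, required = int(m["hit"]), int(m["total"])
            elif msg.startswith(NO_MATCH_PREFIX):
                unmatched.append(msg[len(NO_MATCH_PREFIX):])

        kerberos_ok = "Kerberos login successful" in msgs
        login_failed = "User login failed" in msgs
        # Order matters: a bind error explains a zero match, so test it first.
        if not kerberos_ok:
            stage = "kerberos"
        elif bind_error is not None:
            stage = "ldap_bind"
        elif login_failed:
            stage = "group_membership"
        else:
            stage = "ok"

        report[user] = {
            "kerberos_ok": kerberos_ok,
            "ldap_bind_error": bind_error,
            "groups_matched": matched,
            "groups_required": required,
            "unmatched_groups": unmatched,
            "login_failed": login_failed,
            "stage": stage,
            "hint": STAGE_HINTS[stage],
        }
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_LOG_BIND_ERROR, SAMPLE_LOG_NOT_MEMBER):
        for user, info in diagnose(parse_log(sample)).items():
            print(f"{user}: stage={info['stage']} bind_error={info['ldap_bind_error']} "
                  f"matched={info['groups_matched']}/{info['groups_required']}")
            print("  " + info["hint"])
```

Run against a larger export, the per-user `stage` field separates appliance-to-directory problems (every user lands in `ldap_bind`) from genuine access-control denials (only some users land in `group_membership`), which is the distinction that matters before loosening the permitted-group list as a workaround.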
LVL 11

Expert Comment

ID: 39737939
SSL VPN uses a simple AD account to validate the AD users if you integrated AD logon for VPN users. The AD account doesn't need any administrative privileges. Here "jthompson" is the AD account that was configured when integrating with AD.

To reconfigure it, you need to go to "Users -> Settings -> select "LDAP+Local" on "Authentication method for login" and click Configure"

As all configurations were already there, under the Login username in the Settings tab, enter the user's full name as the Login username, and the password for the user. This must match the AD.

Go to the Test tab, enter the details and do a test. Don't enter the full name here, rather the login name. That should work now.

Author Comment

ID: 39737994
Maybe I should have clarified: this is the SonicWALL SSL-VPN appliance. There is no Users -> Settings option. If I go into Portal -> Domain, the authentication is set as "Active Directory".

The error log looks to authenticate the users just fine, but can't determine the group.

I compared it with our SonicWALL firewall settings, which do LDAP + Local authentication for the content filter bypass. This authenticates users in the group without issue.
LVL 11

Expert Comment

ID: 39738071
Could you follow this link and check page 142?

Accepted Solution

Madlife6 earned 0 total points
ID: 39824162
Sorry for the delay.  I was out sick and then sent to a remote site for a week and a half.   I got this up and working.  It appears to be an issue with our PDC.  I rebuilt a 2nd domain controller, got all the Active Directory parts syncing well with the PDC, and when I pointed the SSL-VPN 4000 to this, it worked just fine.

We have plans in the upcoming months to migrate everything to 2008, and in the process, get rid of the troublesome server.
LVL 11

Expert Comment

ID: 39824193
Good that the issue is fixed. Well done.

Author Closing Comment

ID: 39971694
Because the problem was an anomaly inside our PDC that no one would have figured out on their own.  All of their suggestions and help combined did lead me to determine this though.
