[vpn-help] Problem with AD / Domain Login 20)
Alexis La Goutte
alexis.lagoutte at gmail.com
Mon Aug 25 04:06:19 CDT 2014
On Mon, Aug 25, 2014 at 11:00 AM, <shrew.20.konus at xoxy.net> wrote:
>
> Am 25.08.2014 um 10:15 schrieb Alexis La Goutte - alexis.lagoutte at gmail.com:
>>
>> On Fri, Aug 22, 2014 at 10:16 AM, <shrew.20.konus at xoxy.net> wrote:
>>>
>>> Hello,
>>> I use the trial of the pro Version v2.2.2 to do a Secure AD/Domain Login
>>>
>>> After entering the login credentials for the domain, a window opens up
>>> with
>>> "Key file Credentials Required". After entering the key for the
>>> certificate,
>>> I get the following error:
>>>
>>> Windows-Sicherheit (german = Windows-Security)
>>> Failed to configure key daemon using VPN Site Configuration 'name of my
>>> config'
>>>
>>> config loaded for site 'name of my config'
>>> attached key daemon...
>>> peer configured
>>> iskamp proposal configured
>>> esp proposal configured
>>> client configured
>>> remote id configured
>>> server cert configured
>>> client cert configured
>>> client key file requires password
>>> detached from key daemon
>>>
>>> It is also notable that the window "Key file Credentials Required" does
>>> not
>>> close after entering the passphrase for the certificate, but does not
>>> react
>>> anymore.
>>>
>>> My vpn-server is running on Endian Firewall Community release 2.4.1. The
>>> Windows Server is 2008R2. The client is Windows 7-64bit.
>>> If I try to connect after windows login, it works perfect.
>>>
>>> Thank you for your advice.
>>> Greetings Konrad
>>>
>> Hi Konrad,
>>
>> Do you have check the Shrew log and vpn-server log ?
>>
>> Regards,
>
> Hi, thank you for your answer!
> Using the Connect-before-login-method, there is no entry in the vpn-server
> Log.
> On the client, after activation of debugging via registry, i found the
> following entries in iked.log
> 14/08/25 10:47:49 ## : IKE Daemon, ver 2.2.2
> 14/08/25 10:47:49 ## : Copyright 2013 Shrew Soft Inc.
> 14/08/25 10:47:49 ## : This product linked OpenSSL 1.0.1c 10 May 2012
> 14/08/25 10:47:49 ii : opened 'C:\Program Files\ShrewSoft\VPN
> Client\debug\iked.log'
> 14/08/25 10:47:49 ii : rebuilding vnet device list ...
> 14/08/25 10:47:49 ii : device ROOT\VNET\0000 disabled
> 14/08/25 10:47:49 ii : ipc server process thread begin ...
> 14/08/25 10:47:49 ii : network process thread begin ...
> 14/08/25 10:47:49 ii : pfkey process thread begin ...
> 14/08/25 10:47:49 !! : unable to connect to pfkey interface
> 14/08/25 10:49:04 ii : ipc client process thread begin ...
> 14/08/25 10:49:04 <A : peer config add message
> 14/08/25 10:49:04 <A : proposal config message
> 14/08/25 10:49:04 <A : proposal config message
> 14/08/25 10:49:04 <A : client config message
> 14/08/25 10:49:04 <A : local id 'schuppan.ptw-ingenieure.de' message
> 14/08/25 10:49:04 <A : remote certificate data message
> 14/08/25 10:49:04 ii : remote certificate read complete ( 970 bytes )
> 14/08/25 10:49:04 <A : local certificate data message
> 14/08/25 10:49:04 ii : local certificate read complete ( 878 bytes )
> 14/08/25 10:49:04 <A : local key data message
> 14/08/25 10:49:04 !! : libeay : .\crypto\pkcs12\p12_kiss.c:110
> 14/08/25 10:49:04 !! : error:23076071:PKCS12 routines:PKCS12_parse:mac
> verify failure
> 14/08/25 10:49:04 !! : local key read failed, requesting password
> 14/08/25 10:49:17 ii : ipc client process thread exit ...
>
> Note: I have secured the certificate with a 12-digit-password.
> As always, connecting after login works without problems...
> Greetings Konrad
>
Hi,
Please kept the list in CC.
Do you have a prompt about ask the 12 digit password ?
Regards,
>
More information about the vpn-help
mailing list