[vpn-help] Problem with AD / Domain Login

shrew.20.konus at xoxy.net
Mon Aug 25 04:23:15 CDT 2014


On 25.08.2014 at 11:06, Alexis La Goutte - alexis.lagoutte at gmail.com wrote:
> On Mon, Aug 25, 2014 at 11:00 AM,  <shrew.20.konus at xoxy.net> wrote:
>> On 25.08.2014 at 10:15, Alexis La Goutte - alexis.lagoutte at gmail.com wrote:
>>> On Fri, Aug 22, 2014 at 10:16 AM,  <shrew.20.konus at xoxy.net> wrote:
>>>> Hello,
>>>> I use the trial of the pro version v2.2.2 to do a Secure AD/Domain Login.
>>>>
>>>> After entering the login credentials for the domain, a window opens up with
>>>> "Key file Credentials Required". After entering the key for the certificate,
>>>> I get the following error:
>>>>
>>>> Windows-Sicherheit (German = Windows-Security)
>>>> Failed to configure key daemon using VPN Site Configuration 'name of my config'
>>>>
>>>> config loaded for site 'name of my config'
>>>> attached key daemon...
>>>> peer configured
>>>> iskamp proposal configured
>>>> esp proposal configured
>>>> client configured
>>>> remote id configured
>>>> server cert configured
>>>> client cert configured
>>>> client key file requires password
>>>> detached from key daemon
>>>>
>>>> It is also notable that the window "Key file Credentials Required" does not
>>>> close after entering the passphrase for the certificate, but does not react
>>>> anymore.
>>>>
>>>> My vpn-server is running on Endian Firewall Community release 2.4.1. The
>>>> Windows Server is 2008R2. The client is Windows 7-64bit.
>>>> If I try to connect after Windows login, it works perfectly.
>>>>
>>>> Thank you for your advice.
>>>> Greetings Konrad
>>>>
>>> Hi Konrad,
>>>
>>> Did you check the Shrew log and vpn-server log?
>>>
>>> Regards,
>> Hi, thank you for your answer!
>> Using the Connect-before-login-method, there is no entry in the vpn-server log.
>> On the client, after activation of debugging via registry, I found the
>> following entries in iked.log:
>> 14/08/25 10:47:49 ## : IKE Daemon, ver 2.2.2
>> 14/08/25 10:47:49 ## : Copyright 2013 Shrew Soft Inc.
>> 14/08/25 10:47:49 ## : This product linked OpenSSL 1.0.1c 10 May 2012
>> 14/08/25 10:47:49 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
>> 14/08/25 10:47:49 ii : rebuilding vnet device list ...
>> 14/08/25 10:47:49 ii : device ROOT\VNET\0000 disabled
>> 14/08/25 10:47:49 ii : ipc server process thread begin ...
>> 14/08/25 10:47:49 ii : network process thread begin ...
>> 14/08/25 10:47:49 ii : pfkey process thread begin ...
>> 14/08/25 10:47:49 !! : unable to connect to pfkey interface
>> 14/08/25 10:49:04 ii : ipc client process thread begin ...
>> 14/08/25 10:49:04 <A : peer config add message
>> 14/08/25 10:49:04 <A : proposal config message
>> 14/08/25 10:49:04 <A : proposal config message
>> 14/08/25 10:49:04 <A : client config message
>> 14/08/25 10:49:04 <A : local id 'schuppan.ptw-ingenieure.de' message
>> 14/08/25 10:49:04 <A : remote certificate data message
>> 14/08/25 10:49:04 ii : remote certificate read complete ( 970 bytes )
>> 14/08/25 10:49:04 <A : local certificate data message
>> 14/08/25 10:49:04 ii : local certificate read complete ( 878 bytes )
>> 14/08/25 10:49:04 <A : local key data message
>> 14/08/25 10:49:04 !! : libeay : .\crypto\pkcs12\p12_kiss.c:110
>> 14/08/25 10:49:04 !! : error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
>> 14/08/25 10:49:04 !! : local key read failed, requesting password
>> 14/08/25 10:49:17 ii : ipc client process thread exit ...
>>
>> Note: I have secured the certificate with a 12-digit-password.
>> As always, connecting after login works without problems...
>> Greetings Konrad
>>
> Hi,
>
> Please keep the list in CC.
Sorry.
> Do you get a prompt asking for the 12-digit password?
Yes, there is a prompt with a floating window "Key file Credentials
Required" (which does not properly close after pressing enter).
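
For triage of logs like the iked.log excerpt quoted in this thread, the following is an added example, not part of the original post and not Shrew Soft code. It parses that line format, rejoins mail-wrapped lines, and unpacks the OpenSSL 1.0.x error code; the sample log is constructed from the lines quoted above and the function names are hypothetical.

```python
import re

# Constructed sample: iked.log lines in the format quoted in the post above,
# including one entry that mail wrapping split across two lines.
SAMPLE_LOG = """\
14/08/25 10:47:49 !! : unable to connect to pfkey interface
14/08/25 10:49:04 <A : local key data message
14/08/25 10:49:04 !! : libeay : .\\crypto\\pkcs12\\p12_kiss.c:110
14/08/25 10:49:04 !! : error:23076071:PKCS12 routines:PKCS12_parse:mac
verify failure
14/08/25 10:49:04 !! : local key read failed, requesting password
"""

LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def parse_iked_log(text):
    """Return [(timestamp, marker, message)], rejoining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            entries.append(list(m.groups()))
        elif entries and raw.strip():
            entries[-1][2] += " " + raw.strip()  # continuation of previous entry
    return [tuple(e) for e in entries]

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.0.x code: 8 bits lib, 12 bits func, 12 bits reason."""
    code = int(code_hex, 16)
    return {"lib": (code >> 24) & 0xFF,
            "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}

def openssl_errors(entries):
    """Collect decoded OpenSSL errors from entries carrying the '!!' marker."""
    found = []
    for ts, marker, msg in entries:
        m = ERR_RE.search(msg)
        if marker == "!!" and m:
            info = decode_openssl_error(m.group(1))
            # For 23076071: lib 0x23, func 0x076, reason 0x071, which the log
            # line itself names as PKCS12 routines / PKCS12_parse / mac verify failure.
            info.update(timestamp=ts, library=m.group(2),
                        function=m.group(3), text=m.group(4).strip())
            found.append(info)
    return found

if __name__ == "__main__":
    for err in openssl_errors(parse_iked_log(SAMPLE_LOG)):
        print(err)
```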
