[vpn-help] Problem with AD / Domain Login

Alexis La Goutte alexis.lagoutte at gmail.com
Mon Aug 25 04:31:33 CDT 2014


On Mon, Aug 25, 2014 at 11:23 AM,  <shrew.20.konus at xoxy.net> wrote:
>
> On 25.08.2014 at 11:06, Alexis La Goutte - alexis.lagoutte at gmail.com wrote:
>>
>> On Mon, Aug 25, 2014 at 11:00 AM,  <shrew.20.konus at xoxy.net> wrote:
>>>
>>> On 25.08.2014 at 10:15, Alexis La Goutte - alexis.lagoutte at gmail.com wrote:
>>>
>>>> On Fri, Aug 22, 2014 at 10:16 AM,  <shrew.20.konus at xoxy.net> wrote:
>>>>>
>>>>> Hello,
>>>>> I use the trial of the pro Version v2.2.2 to do a Secure AD/Domain Login
>>>>>
>>>>> After entering the login credentials for the domain, a window opens up with
>>>>> "Key file Credentials Required". After entering the key for the certificate,
>>>>> I get the following error:
>>>>>
>>>>> Windows-Sicherheit (German = Windows-Security)
>>>>> Failed to configure key daemon using VPN Site Configuration 'name of my config'
>>>>>
>>>>> config loaded for site 'name of my config'
>>>>> attached key daemon...
>>>>> peer configured
>>>>> iskamp proposal configured
>>>>> esp proposal configured
>>>>> client configured
>>>>> remote id configured
>>>>> server cert configured
>>>>> client cert configured
>>>>> client key file requires password
>>>>> detached from key daemon
>>>>>
>>>>> It is also notable that the window "Key file Credentials Required" does not
>>>>> close after entering the passphrase for the certificate, but does not react
>>>>> anymore.
>>>>>
>>>>> My vpn-server is running on Endian Firewall Community release 2.4.1. The
>>>>> Windows Server is 2008R2. The client is Windows 7-64bit.
>>>>> If I try to connect after windows login, it works perfectly.
>>>>>
>>>>> Thank you for your advice.
>>>>> Greetings Konrad
>>>>>
>>>> Hi Konrad,
>>>>
>>>> Did you check the Shrew log and vpn-server log?
>>>>
>>>> Regards,
>>>
>>> Hi, thank you for your answer!
>>> Using the Connect-before-login-method, there is no entry in the vpn-server
>>> log.
>>> On the client, after activation of debugging via registry, I found the
>>> following entries in iked.log:
>>> 14/08/25 10:47:49 ## : IKE Daemon, ver 2.2.2
>>> 14/08/25 10:47:49 ## : Copyright 2013 Shrew Soft Inc.
>>> 14/08/25 10:47:49 ## : This product linked OpenSSL 1.0.1c 10 May 2012
>>> 14/08/25 10:47:49 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'
>>> 14/08/25 10:47:49 ii : rebuilding vnet device list ...
>>> 14/08/25 10:47:49 ii : device ROOT\VNET\0000 disabled
>>> 14/08/25 10:47:49 ii : ipc server process thread begin ...
>>> 14/08/25 10:47:49 ii : network process thread begin ...
>>> 14/08/25 10:47:49 ii : pfkey process thread begin ...
>>> 14/08/25 10:47:49 !! : unable to connect to pfkey interface
>>> 14/08/25 10:49:04 ii : ipc client process thread begin ...
>>> 14/08/25 10:49:04 <A : peer config add message
>>> 14/08/25 10:49:04 <A : proposal config message
>>> 14/08/25 10:49:04 <A : proposal config message
>>> 14/08/25 10:49:04 <A : client config message
>>> 14/08/25 10:49:04 <A : local id 'schuppan.ptw-ingenieure.de' message
>>> 14/08/25 10:49:04 <A : remote certificate data message
>>> 14/08/25 10:49:04 ii : remote certificate read complete ( 970 bytes )
>>> 14/08/25 10:49:04 <A : local certificate data message
>>> 14/08/25 10:49:04 ii : local certificate read complete ( 878 bytes )
>>> 14/08/25 10:49:04 <A : local key data message
>>> 14/08/25 10:49:04 !! : libeay : .\crypto\pkcs12\p12_kiss.c:110
>>> 14/08/25 10:49:04 !! : error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
>>> 14/08/25 10:49:04 !! : local key read failed, requesting password
>>> 14/08/25 10:49:17 ii : ipc client process thread exit ...
>>>
>>> Note: I have secured the certificate with a 12-digit-password.
>>> As always, connecting after login works without problems...
>>> Greetings Konrad
>>>
>> Hi,
>>
>> Please keep the list in CC.
>
> Sorry.
>>
>> Do you get a prompt asking for the 12-digit password?
>
> Yes, there is a prompt with a floating window "Key file Credentials
> Required" (which does not properly close after pressing enter).

OK, a bug I think; I need to check with Matthew.
> _______________________________________________
> vpn-help mailing list
> vpn-help at lists.shrew.net
> https://lists.shrew.net/mailman/listinfo/vpn-help
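
Added example (not part of the thread and not Shrew Soft code): a small Python triage of the iked.log excerpt quoted above. It pulls out the `!!` lines and splits the OpenSSL error code into its library, function and reason numbers using the OpenSSL 1.0.x packing (8/12/12 bits). The sample log is rebuilt from the quoted lines with the wrapped error line rejoined; the function names and finding labels are this example's own.

```python
import re

# Constructed sample: lines taken from the iked.log excerpt quoted in the thread.
SAMPLE_LOG = r"""14/08/25 10:47:49 !! : unable to connect to pfkey interface
14/08/25 10:49:04 <A : local key data message
14/08/25 10:49:04 !! : libeay : .\crypto\pkcs12\p12_kiss.c:110
14/08/25 10:49:04 !! : error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
14/08/25 10:49:04 !! : local key read failed, requesting password
14/08/25 10:49:17 ii : ipc client process thread exit ...
"""

LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S\S) : (.*)$")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")


def decode_openssl_error(hex_code):
    """Split an OpenSSL 1.0.x packed error code into (library, function, reason)."""
    code = int(hex_code, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return one finding (dict) per '!!' line, plus a marker when the IPC
    client exits after a password request (hypothetical labels)."""
    findings, awaiting = [], False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        stamp, level, msg = m.groups()
        if awaiting and "ipc client process thread exit" in msg:
            findings.append({"time": stamp, "kind": "session_ended_after_password_request"})
            awaiting = False
        if level != "!!":
            continue
        err = ERR_RE.search(msg)
        if err:
            lib, func, reason = decode_openssl_error(err.group(1))
            findings.append({"time": stamp, "kind": "openssl_error", "lib": lib,
                             "func": func, "reason": reason, "text": err.group(4).strip()})
        elif "requesting password" in msg:
            awaiting = True
            findings.append({"time": stamp, "kind": "password_requested"})
        else:
            findings.append({"time": stamp, "kind": "other_error", "text": msg})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
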

