SonicWALL Imported LDAP User Password Too Short

I'm attempting to add users on the SonicWALL from my Windows AD. I want the Windows logon password to be the VPN password.

Users > Local Users > Import from LDAP > I pick the user and they are created.

I think you want to Select LDAP + Local Users and not just Local Users if you want to Integrate LDAP/Active Directory with Sonicwall UTM Appliance. I'd also follow the other steps in these instructions to ensure you are configuring it correctly for your need.

Integrating LDAP/Active Directory with Sonicwall UTM Appliance (With video tutorial)

Video Tutorial: Click here for the video tutorial of this topic.

Procedure:

  1. Go to Users > Settings page

    In the Authentication method for login drop-down list, select **LDAP + Local Users** and click Configure

  2. On the Settings tab of the LDAP Configuration window, configure the following fields

  3. On the Directory tab, configure the following fields:

    Primary domain: The user domain used by your LDAP implementation

    User tree for login to server: The location of where the tree is that the user specified in the settings tab

    Click on Auto-configure

    Select Append to Existing trees and Click OK

    This will populate the Trees containing users and Trees containing user groups fields by scanning through the directories in search of all trees that contain user objects.

  4. On the Schema tab, configure the following fields:

    LDAP Schema: Microsoft Active Directory

  5. On the LDAP Users tab, configure the following fields:

    Default LDAP User Group : Trusted Group

How to Test:

On the LDAP Test tab, Test a Username and Password in Active directory to make sure that the communication is successful.


source

You also say . . .

I'm getting this "warning" when I click some screens. "Note that LDAP authentication is selected with Active Directory, and it does not support CHAP authentication via LDAP. If L2TP users are to use CHAP then you should configure RADIUS so that it can be used for this, if you have not already done so." It seems you may want to follow this path of navigation in the SonicWALL configuration to integrate LDAP/Active Directory with SonicWALL

My end remote users are NOT using CHAP. Does this in any way apply to SonicWALL <--> Active Directory communication?

According to SonicOS: Enabling RADIUS to LDAP Relay for L2TP Authentication on SonicOS Enhanced, depending on your configuration you may need to either configure the central SonicWALL to operate as a RADIUS server or else look into configuring a RADIUS server and then configuring the SonicWALL and other applicable settings (e.g. LDAP Relay).

LDAP does not usually support CHAP/MSCHAP authentication (Microsoft Active Directory and Novell eDirectory do not). The SonicWALL will automatically divert CHAP/MSCHAP authentications to RADIUS if LDAP does not support it and RADIUS is configured, so configure RADIUS if that is the case and L2TP server or VPN client connections are to use CHAP/MSCHAP.

The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

source


Additional Resources

  • SonicWALL - Configuring RADIUS Authentication
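
Why the warning quoted above separates LDAP from CHAP, as an added example that is not part of the original answer or of SonicWALL's code: an LDAP bind checks a password the gateway forwards, while CHAP (RFC 1994) sends only a digest that the verifier must recompute from the secret itself. The `Directory` class, the user name, the password and the RADIUS-side secret table are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

class Directory:
    """Stand-in for an LDAP server: keeps a salted hash, exposes only bind()."""
    def __init__(self):
        self._users = {}
    def add(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(password, salt))
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    def bind(self, user, password):
        if user not in self._users:
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def authenticate_chap(user, identifier, challenge, response, secrets):
    # The verifier must recompute the digest, so it needs the secret itself.
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(response, expected)

def demo():
    # Constructed sample account; not taken from the page.
    directory = Directory()
    directory.add("alice", "Winter-Example-1")
    challenge = os.urandom(16)
    resp = chap_response(7, "Winter-Example-1", challenge)
    radius_secrets = {"alice": "Winter-Example-1"}  # assumed RADIUS-side store
    return {
        # Password-based login: the gateway has the password and can bind with it.
        "password_via_bind": directory.bind("alice", "Winter-Example-1"),
        # CHAP login: the gateway only holds a digest, which is useless for bind().
        "chap_digest_via_bind": directory.bind("alice", resp.hex()),
        "chap_without_secret": authenticate_chap("alice", 7, challenge, resp, {}),
        "chap_via_radius": authenticate_chap("alice", 7, challenge, resp, radius_secrets),
    }
```

If remote users authenticate with a password that the SonicWALL can forward in a bind, only the first case applies and the CHAP warning does not affect the SonicWALL to Active Directory exchange.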