Sorry, it’s been a while, and I’m nowhere near a Watchguard these days. But if I recall, I set it up as AD auth from Watchguard → proxy, then LDAP from proxy → DC. With those particular switches configured in the proxy configuration. Hope it helps.
Did you have pass_through_all in both server and client sections? Here is a snippet of my config:
[radius_client]
host=xxx.xxx.xxx.xxx
host_2=xxx.xxx.xxx.xxx
secret=xxxxxxxxxxxxxx
pass_through_all=true
[radius_server_auto]
ikey=xxxxxxxxxxxxx
skey=xxxx...
I got it working on newer ones (Aruba branded). At first I tried Switch:RADIUS -> Auth-Proxy:LDAP -> AD, which didn’t work. The switch is looking for a RADIUS attribute to be returned. So I had to spin up an NPS server and go Switch:RADIUS -> Auth-Pr...
If anyone is looking for direction on this, I got it working with the generic LDAP application, and setting up the SSL VPN auth to use AD.
There are a couple of gotchas. You need to disable the primary bind exemption. Since the firewall actually att...