Hello,
We have been using a virtualized OPNsense + OpenVPN with a connection to our local AD in conjunction with TOTP for our users for about half a year. This has worked wonderfully so far. Recently, we have had the problem that some users are unable to establish a VPN connection.
The OpenVPN log for the user shows: LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563; Invalid credentials]
However, the credentials are 100% correct. Even the LDAP test with user XY then fails. If we now delete the imported user from the OPNsense and import it again from our AD (previous OTP seed re-inserted), both the LDAP test and the login via OpenVPN+TOTP work perfectly for the user. Is this a known problem? Does anyone have a (permanent) solution? I don't feel like re-importing all ~70 accounts every few months ;)
Edit:
Still exists on 24.7.11_2
The current version is 24.7.6, but the problem has existed since at least 24.7.3
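An added example, not part of the post or of OPNsense/OpenVPN itself: a small Python parser for the bind-error string quoted above that pulls out the Active Directory sub-error code (the "data 52e" field) and maps it to its documented meaning, so a log review can tell a genuine bad-password 52e apart from a locked (775), disabled (533) or expired-password (532) account. The first sample line is the one from the post; the other two are constructed for illustration.

```python
import re

# Constructed sample log lines: the first is the line quoted in the post,
# the other two are made up to show different bind outcomes.
SAMPLE_LOG = [
    "LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: "
    "AcceptSecurityContext error, data 52e, v4563; Invalid credentials]",
    "LDAP bind error [80090308: LdapErr: DSID-0C09050F, comment: "
    "AcceptSecurityContext error, data 775, v4563; Account locked out]",
    "LDAP bind succeeded for user jdoe",
]

# Well-known AD sub-error codes carried in the "data NNN" field of a failed bind.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password, or bind DN no longer matches the account)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR_RE = re.compile(
    r"LDAP bind error \[(?P<hresult>[0-9A-Fa-f]+): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+), "
    r"v(?P<version>[0-9A-Fa-f]+); (?P<message>[^\]]+)\]"
)


def parse_bind_error(line):
    """Return the fields of an AD bind-error line, or None if the line is not one."""
    m = BIND_ERROR_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["data"] = fields["data"].lower()  # codes are hex, e.g. 52e
    fields["meaning"] = AD_BIND_DATA_CODES.get(fields["data"], "unknown AD sub-error code")
    return fields


def summarize(lines):
    """Count bind failures per AD sub-error code across a batch of log lines."""
    counts = {}
    for line in lines:
        parsed = parse_bind_error(line)
        if parsed:
            counts[parsed["data"]] = counts.get(parsed["data"], 0) + 1
    return counts
```

Running `summarize()` over a day's OpenVPN log gives a quick picture of whether the failures are all 52e (as in the post) or mixed with lockouts and expiries that point at a different cause.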