IPSec Users | Use ldap from Windows AD?

Is it possible to configure IPsec Users to be imported from a Windows AD?

When I view IP → IPSec → Users there does not seem to be any options other than to just create a local static user.

I would like to allow users or a group of users from the AD to use VPN access (so one less password/user combo to remember).

+1

I don’t think that RouterOS supports AAA for XAuth. What about L2TP over IPsec instead?

Regardless of whether you use L2TP over IPsec or wait for MikroTik to add support for an external XAuth user/pass database, the only source for AAA that RouterOS supports is RADIUS, not direct LDAP. So you will need to set up and configure a RADIUS server. Many RADIUS servers allow you to use LDAP as a backend data source, so as long as you use one that does, then you should be able to tie into the Windows AD LDAP database.

– Nathan

As mentioned before, XAuth currently doesn't support RADIUS auth.

For other AAA needs against LDAP (AD DS), set up an NPS server (Windows RADIUS) and auth against that.
There are multiple topics on the forum about this, if you need help, post here.
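
The L2TP over IPsec plus RADIUS approach suggested in the replies above, as an added RouterOS configuration example that is not from any poster in this thread. The server address 192.0.2.10, both secrets and the use of the built-in default-encryption profile are placeholder assumptions.

```routeros
# Added example. 192.0.2.10 and both secrets are placeholders, replace them.

# 1. Register the RADIUS server (for example Windows NPS) for PPP services,
#    which is what L2TP logins use. The shared secret must match the
#    RADIUS client entry created for this router on the server.
/radius add service=ppp address=192.0.2.10 \
    secret="CHANGE-ME-radius-shared-secret" timeout=3s \
    comment="NPS backed by AD for VPN logins"

# 2. Let PPP authenticate against RADIUS. Local /ppp secret entries are
#    checked first, so remove stale local accounts that should no longer
#    be able to log in.
/ppp aaa set use-radius=yes accounting=yes

# 3. Enable the L2TP server, refuse sessions that are not wrapped in IPsec,
#    and accept MS-CHAPv2 only (no PAP/CHAP/MS-CHAPv1).
/interface l2tp-server server set enabled=yes use-ipsec=required \
    ipsec-secret="CHANGE-ME-ipsec-psk" authentication=mschap2 \
    default-profile=default-encryption

# 4. Check that requests reach the server and are answered.
/radius monitor 0 once
```

On the RADIUS side, restricting the network policy to a dedicated AD group keeps VPN access limited to the intended users rather than every domain account.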