I am trying to set up WebADM to use two-factor authentication with a VPN tunnel. I managed to get this all working last week; however, there is a slight issue. WebADM will detect registered users by checking in the objectClass attribute of Active Directory for a value of webadmAccount. I managed to get this working by making it search for the value "user" instead, which obviously registered all my users to be able to use this; however, I do want to be able to control who can access the VPN.
So the problem seems to be in adding a value to the objectClass of a user. If I attempt to manually add the class created by WebADM or ones created by myself, I get the following error:
---------------------------
ADSIEdit
---------------------------
Operation failed. Error code: 0x2040
The specified method is not supported.
00002040: SvcErr: DSID-030F0E51, problem 5003 (WILL_NOT_PERFORM), data 0
---------------------------
OK
---------------------------
Even if I try to add inetOrgUser to a user's objectClass I will get exactly the same error. Googling around has not shed much light on this issue, so I am hoping someone can help me out here.
The DC was originally 2000 -> 2003 -> 2008 (current version)
So as I was aware, being able to change objectClasses only became available in 2008.
After banging my head against a wall with this problem for a few days, I checked the Forest Functional Level and it was still set at 2000.
Changing this by:
After the upgrade, everything works fine.
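Added example, not part of the original post: a read-only PowerShell check of the two things this thread turns on, the forest functional level and which user accounts actually carry the webadmAccount class (so VPN enrollment can be audited instead of matching every "user"). It assumes a domain-joined Windows host and an account that can read the directory, and uses only ADSI, so no Active Directory module is needed.

```powershell
# Added example: read-only queries, nothing is modified.
$rootDse = [ADSI]'LDAP://RootDSE'

# The forest functional level is stored as msDS-Behavior-Version on the
# Partitions container in the configuration naming context.
$partitions = [ADSI]"LDAP://CN=Partitions,$($rootDse.configurationNamingContext)"
$level = [int]$partitions.'msDS-Behavior-Version'.Value   # absent attribute -> 0

$levelNames = @{
    0 = 'Windows 2000'
    1 = 'Windows Server 2003 interim'
    2 = 'Windows Server 2003'
    3 = 'Windows Server 2008'
}
$levelName = $levelNames[$level]
if (-not $levelName) { $levelName = "unlisted level $level" }
Write-Output "Forest functional level: $levelName"

# List only the users that carry the webadmAccount class, i.e. the
# accounts WebADM treats as registered when it filters on that value.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)(objectClass=webadmAccount))'
$searcher.PageSize = 500          # page results so large domains are not truncated
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')

$enrolled = @($searcher.FindAll() | ForEach-Object { $_.Properties['samaccountname'][0] })
Write-Output "Users with webadmAccount: $($enrolled.Count)"
$enrolled | Sort-Object
```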