topic Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD user in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260075#M1561 <P>We have configured 2FA with LDAP on Checkpoint firewall R81.20JHF 105. We are using Cert+Username and Password as the authentication method. Do we need domain admin credentials while to enroll cert key from LDAP to AD USER. We have performed all the required steps for the same but while we enroll and save the certificate, we get an error saying Error Code:67&nbsp;<SPAN>Overwriting object: Operation not allowed on RDN" . What credentials we need to bypass this error.</SPAN>&nbsp;</P> Thu, 16 Oct 2025 13:31:53 GMT Imzi 2025-10-16T13:31:53Z Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD user https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260075#M1561 <P>We have configured 2FA with LDAP on Checkpoint firewall R81.20JHF 105. We are using Cert+Username and Password as the authentication method. Do we need domain admin credentials while to enroll cert key from LDAP to AD USER. We have performed all the required steps for the same but while we enroll and save the certificate, we get an error saying Error Code:67&nbsp;<SPAN>Overwriting object: Operation not allowed on RDN" . What credentials we need to bypass this error.</SPAN>&nbsp;</P> Thu, 16 Oct 2025 13:31:53 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260075#M1561 Imzi 2025-10-16T13:31:53Z Re: Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD u https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260136#M1562 <P>I believe you need service account with the right permissions.</P> Fri, 17 Oct 2025 04:39:03 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260136#M1562 the_rock 2025-10-17T04:39:03Z Re: Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD u https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260148#M1563 <P>Could you please confirm if LDAP Domain Administrator credentials are required to achieve this requirement,</P><P>or</P><P>if credentials with read and write permissions will be sufficient?</P> Fri, 17 Oct 2025 09:47:15 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260148#M1563 Imzi 2025-10-17T09:47:15Z Re: Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD u https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260150#M1564 <P>Im fairly sure just read/write.</P> Fri, 17 Oct 2025 10:14:46 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260150#M1564 the_rock 2025-10-17T10:14:46Z Re: Multi-Factor Authentication (MFA) for Remote Access VPN with Certificate Key Enrollment for AD u https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260218#M1565 <P>will test and let you know.</P><P>&nbsp;</P><P>Thanks for your support..!!</P> Sat, 18 Oct 2025 04:39:44 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Multi-Factor-Authentication-MFA-for-Remote-Access-VPN-with/m-p/260218#M1565 Imzi 2025-10-18T04:39:44Z