This solution applies to Barracuda SSL VPNs, all firmware versions.
Follow the below steps to configure your Barracuda SSL VPN to accept Active Directory certificates.
Obtain the root CA certificate from the Active Directory server. This can be done by navigating to the following URL with Internet Explorer: http://<server>/certsrv
Click Download a CA certificate, certificate chain, or CRL, then Download CA certificate.
In the web interface of your Barracuda SSL VPN, navigate to Advanced > SSL Certificates and click the Import certificate or key action. Choose the option A CA certificate for verifying Active Directory user certificates and import the downloaded certificate.
Go to Access Control > Authentication Schemes and create a new scheme.
Choose Client Certificate and perhaps another module; this works well as a 2 factor authentication scheme, but can be used on its own.
Go to Advanced > Configuration, in the Client Certificates section, set the mode of operation to Accept Certificates, set the certificate type to Active Directory and save the changes.
Restart the Barracuda SSL VPN, the system will now be able to authenticate using AD user certificates (the user can get the certificates from the same URL as mentioned above on the AD server).
*IF CLUSTERED* this Authentication Scheme and its configuration options will not be available. As of firmware version 2.1, clustering will be able to support client certificate authentication.
For more information on setting up Active Directory certificates, please refer to the following information from Microsoft:
Link to This Page: