When I change the user settings to "LDAP + Local Users" and the user tries to VPN in using their Active Directory credentials, they receive the a failure to authenticate error (tested on a Mac) and the SonicWall logs a dropped packet due to "IP Spoof Detected" error from that user. Every time I make changes to the LDAP integration on the Sonicwall, I get a warning from the Sonicwall device that the L2TP server is setup using CHAP, which is not supported by Active Directory.I can authenticate the user on the LDAP integration test page. We just set up the SonicWall LDAP settings to integrate with our internal Active Directory controller.
The local users have been set up as "userABC" with a shared key and are able to connect using the basic Windows or Mac vpn clients and then access resources behind the firewall.