NT domain access after connecting through VPN [7:66618]

2003-04-01 Thread Doug Korell
I am using a PIX and VPN client 3.6 and getting in works just fine. Problem
is I want to connect to NT domain resources across the board after logging
into VPN. I know you can connect to network shares using alternate username
and password but for things like remote event logs on the domain, you don't
get prompted and will be denied.

I am aware that you can have VPN connect before logging into Windows and
then log into the domain after VPN is connected but I don't want to alter
people's computers that are logging in locally. I would rather get access to
the domain after logging in locally and then the VPN.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66618&t=66618
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: NT domain access after connecting through VPN [7:66618]

2003-04-01 Thread Adam
From my experiences in deploying both pix and the 3000 series concentrators,
the question of 'seamless' authentication or access to network resources
once connected to the vpn is always an issue.
To get around this I have seen various methods utilized, each of which has
catches and possibly user's computers altered which throws a wrench into
things if we're talking home users' PCs etc.  Argh.
The first method is what you have already mentioned, which is to have the
cisco client load before the windows login prompt and establish the vpn, and
then use the regular domain username and password, which will provide full
resource authentication based on the NT account rights.
I have been successful with this method and have found it to work quite
reliably.  The other methods I have used are kind of clunky in my own opinion,
which is a) have the users authenticate to the vpn, then distribute a batch
file login script with the 'user' switch in it, which when executed will
prompt the user for a password once, and then cache the authentication
credentials for future resource requests or b) Create a matching profile on
the local machine that matches the username/password created in the NT
database which will allow the seamless authentication effect.
As you can see, a & b are not scalable and require more configuration of the
user's machine and ability on the user's part.
I apologize for the long winded reply, and I hope this sheds some light on
the topic.  I am interested to hear of anyone else's solutions to this
problem.  Ultimately I think with your specific case, seamless
authentication is your only route (ie. using the client boot before startup
method) as the domain event logs will not prompt you to authenticate, in
which case cached credentials have to be used.

Cheers.

Adam

> I am using a PIX and VPN client 3.6 and getting in works just fine. Problem
> is I want to connect to NT domain resources across the board after logging
> into VPN. I know you can connect to network shares using alternate username
> and password but for things like remote event logs on the domain, you don't
> get prompted and will be denied.
> 
> I am aware that you can have VPN connect before logging into Windows and
> then log into the domain after VPN is connected but I don't want to alter
> people's computers that are logging in locally. I would rather get access
> to the domain after logging in locally and then the VPN.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66647&t=66618


Re: NT domain access after connecting through VPN [7:66618]

2003-04-02 Thread Doug Korell
Thanks for your input. I'm looking around at other vendors to see what they
offer with this. One thing I don't like with the PIX vpn is the lack of
logging capabilities. I want to know when someone logged in, when they logged
out, where they went, etc. I'm looking at the concentrators but don't
remember seeing this. As far as I can see, AAA can do some of this but you
have to use http, ftp, or telnet.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66705&t=66618


RE: NT domain access after connecting through VPN [7:66618]

2003-04-03 Thread Symon Thurlow
The Shiva client is pretty good, kicks off domain authentication after
the tunnel is up.

-Original Message-
From: Doug Korell [mailto:[EMAIL PROTECTED] 
Sent: 02 April 2003 19:06
To: [EMAIL PROTECTED]
Subject: Re: NT domain access after connecting through VPN [7:66618]


Thanks for your input. I'm looking around at other vendors to see what
they offer with this. One thing I don't like with the PIX vpn is the
lack of logging capabilities. I want to know when someone logged in, when
they logged out, where they went, etc. I'm looking at the concentrators
but don't remember seeing this. As far as I can see, AAA can do some of
this but you have to use http, ftp, or telnet.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66776&t=66618