RE: [ActiveDir] Hate to beg..

Tom, I do not think you can use L2TP/IPSEC without a certificate. Regards, Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 8:28 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Hate to beg.. I don't want

RE: [ActiveDir] Hate to beg..

Then why oh why is kerberos an option? thanks -Original Message- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 11:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Tom, I do not think you can use L2TP/IPSEC without a certificate

RE: [ActiveDir] Hate to beg..

I would agree. The whole point behind IPSec/L2TP is having that certificate. Sorry Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Wednesday, November 24, 2004 8:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg

RE: [ActiveDir] Hate to beg..

Can you clarify as to where you are seeing Kerberos as an option for L2TP/IPSEC? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 8:41 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg

RE: [ActiveDir] Hate to beg..

, November 24, 2004 11:41 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Then why oh why is kerberos an option? thanks -Original Message- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 11:37 AM To: [EMAIL PROTECTED] Subject: RE

RE: [ActiveDir] Hate to beg..

PROTECTED] Sent: Wednesday, November 24, 2004 11:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Can you clarify as to where you are seeing Kerberos as an option for L2TP/IPSEC? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom

RE: [ActiveDir] Hate to beg..

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, November 24, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Kerberos is not supported at least on W2K. http://support.microsoft.com/default.aspx?scid=kb

RE: [ActiveDir] Hate to beg..

. Regards, Aric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, November 24, 2004 8:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Kerberos is not supported at least on W2K. http://support.microsoft.com

RE: [ActiveDir] Hate to beg..

24, 2004 11:50 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Kerberos is not supported at least on W2K. http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q248711 There were supposed to be some changes for W2K3, but those were for IPSEC (such as startup changes etc). I

RE: [ActiveDir] Hate to beg..

] Subject: RE: [ActiveDir] Hate to beg.. In secpol.msc under ip security policies on local machine. open up one of the pre built policies and go to authentication. you have a choice of pre shared key,cert and kerberos. kerberos is checked off as the default. Thanks -Original Message- From: Bernard

RE: [ActiveDir] Hate to beg..

:02 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Let me clarify a little. It's a rare occurrence when you could use kerb auth for this. Not likely designed for what you are wanting to do. Click the Authentication Methods tab, configure the authentication method that you want

RE: [ActiveDir] Hate to beg..

the clients are already at the remote site. whats a good way to get the machines the cert? thanks -Original Message- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Using certificate

RE: [ActiveDir] Hate to beg..

:35 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. SO like client to domain controller during logon? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Wednesday, November 24, 2004 12:26 PM To: [EMAIL PROTECTED] Subject

RE: [ActiveDir] Hate to beg..

In the case of Kerberos, no that would be the exception... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, November 24, 2004 9:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. SO like client

RE: [ActiveDir] Hate to beg..

without regard to the policy specified in the GPO. Hope this helps Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 9:44 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. So, you

RE: [ActiveDir] Hate to beg..

Tom- You can use Public Key policy to push certs to machines already in the domain. Darren -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg

RE: [ActiveDir] Hate to beg..

? Sorry for harping on this but MS has made it a little confusing to my small mind. Thanks -Original Message- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 1:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. L2TP, or Layer 2 Tunneling