
Can access remotely, can't log onto the network


jbead

IS-IT--Management
Jun 28, 2002
Hello:

I am able to connect and authenticate clients via RADIUS using Checkpoint SecureClient 4.51. I am using a Nokia 330 running Checkpoint.

I have added the IP addresses as well as the computer names into the hosts and lmhosts files.

I am able to connect to Outlook without any problem, but I cannot map a network drive or browse the network. It looks like the server is not accepting the cached logon, and I cannot get the network logon box to appear on the client.

Does anyone have any ideas, or can you point me in the right direction?

The servers are win2k, the clients are win2k.

Thanks, Jbead
JBead
 
How are your clients getting connectivity remotely? Are they dialing up to a third party like Earthlink, then VPNing in with the Checkpoint client? Are they using cable modems? Dialing up to your network?


What I think you need to do is to check your method of authentication. It is not a network connectivity issue. It is a permissions issue. Try using authentication with Windows permissions. I have set up Checkpoint before and had similar issues, but played with it to fix it. Tell me more about how you have it set up.
 
Some are connecting via cable modem, some are DSL and some are straight dialup to an ISP, i.e., Systems Solutions, Earthlink. Once an internet connection is made, we launch Checkpoint SecureClient to authenticate using a RADIUS server. Everything comes back OK. I am able to open and connect to the Exchange server, but I can't map, browse or open a server on the network. I tested it with straight dialup to two different ISPs. Both were joined to the network and their traveling laptops. Any ideas would be appreciated.

PS: in the hosts file I put in the DNS server and the domain's DC.

thanks, j. bead JBead
 
I use different equipment (Nortel Contivity) but here's how I got all that working.

1) Make sure the remote PC has logged onto the network (domain) successfully before.

2) Make a hardware profile with the network card disabled and use this profile when connecting via VPN.

3) Add the domain user account to the local Users group.

Can you map using IP? We run a batch file once when setting clients up to map the drives and make them persistent.

Does your VPN client have an option to log off on connect? That option will log off the current user and display the domain logon screen without destroying the dial-up connection.

 
Thanks for the steps. Unfortunately, we can't disable the NIC since many users have broadband and it needs to be operational.

I did log on successfully to the network prior to trying to connect. This happens with broadband and dialup.

I created an account in the local policy that resembles the logon to the domain.

The problem is I can't map any drive or browse the network.

I am awaiting my firewall engineer's return from vacation, but I am thinking it might be something in the topology. We are authenticating via RADIUS, but then the network is not accepting the cached login information, and there isn't any way to prompt the network logon box. I get a message that there aren't any domain controllers available for logon. We only have one DC now, but hope to have the second in place in a day or two. Thanks... any other suggestions would be appreciated.

JBead
 
You're right about the topology being an issue. It was for me! The IP your clients are being given by the concentrator is probably on a different network. When the client is trying to authenticate, it is sending a broadcast packet to find an authentication server, and the packet isn't being passed by the router, which is good, but it is creating difficulties and is why the server isn't responding. That's why I asked if the client has successfully logged onto the Windows domain before. Otherwise your client won't see the server even if you can ping it during logon. Once it has logged on successfully before, it won't use a broadcast packet to find a server but will send an authentication packet directly to the server, which will traverse the router.

Using an identical local machine user account won't help, as its SID and the SID of the domain account are different. It may even cause additional problems. I tried that one and M$ (I logged a job with em) told me to delete it.
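Added example, not from any poster in this thread: a batch script for a Win2k VPN client that puts the domain controller into lmhosts with the #PRE and #DOM tags, so the client resolves the DC and the domain name from its preloaded NetBIOS cache instead of relying on a broadcast the router will not forward, then tests the mapping by name and by IP as suggested above. The address 192.168.10.5, the DC name DC1, the domain CORP and the share name are placeholders.

```batch
@echo off
rem Added example (not from the thread): preload the NetBIOS name cache so the
rem remote client finds the domain controller by a directed packet rather than
rem a subnet broadcast. Values below are placeholders; substitute your own.
set LMHOSTS=%SystemRoot%\system32\drivers\etc\lmhosts

rem Name-to-IP entry for the DC, preloaded (#PRE) and flagged as a domain
rem controller for domain CORP (#DOM:CORP) so logon requests go straight to it.
echo 192.168.10.5   DC1   #PRE #DOM:CORP>>"%LMHOSTS%"

rem Domain-name entry: the domain padded with spaces to 15 characters followed
rem by \0x1b (the 16th-byte name type), exactly 20 characters inside the quotes.
echo "CORP           \0x1b"   #PRE>>"%LMHOSTS%"

rem Purge the NetBIOS name cache and reload the #PRE entries, then display it;
rem DC1 and CORP <1B> should now be listed as preloaded (life -1).
nbtstat -R
nbtstat -c

rem Verify the drive can be mapped by NetBIOS name and by IP address; if only
rem the IP mapping works, name resolution over the tunnel is still the problem.
net use X: \\DC1\share /persistent:yes
net use Y: \\192.168.10.5\share /persistent:yes
```

Run it once per client with an account that can write to the etc directory; the #DOM entry only helps when NetBIOS over TCP/IP is enabled on the VPN adapter.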
 