How do I log on to NT domain after establishing VPN ?

[DannyKudos]

Hi Folks

I am having a bit of a nightmare logging on to our NT Server via a VPN using a Draytek Vigor 2200 router.

Im accessing our network from my Windows ME pc at home. Our server runs NT4.

I can establish the VPN, and once established, I can ping all the machines on the network, including the server. I can even collect my email from the server (There is a Mailtraq POP server running on it. )

The network obviously sees my remote connection as local, as our POP software will only accept requests from local macines (ie.. ip ranges from 10.0.0.*. I can even collect files using FTP from the server using Mailtraqs FTP server. All this is being done, needless to say,
from behind the Dreytek firewall.

HOWERVER, I never get an NT logon screen, and I can't map the network drive. None of the network shows on "my network places".

Any ideas ? I feel like im so close, yet so far !!

Cheers
Dan

 

[slyride]

Hello, Is your machine a member of the domain? Can you ping by name?

 

[DannyKudos]

I can ping the server by name "NTMAIN"
I have Client for MS Networks selected as my primary Logon, and I have "Log on to NT Domain" selected, with the name of the domain (Kudos) in the box provided. Username and Password I use to establish VPN are the same as I would use if I were logging on locally. My machine on site is turned off when Im not there, so there shouldnt be any conflict.

I emailed Draytek about this, and they suggested installing a RADIUS server on the NT server. ???

Cheers

 

[slyride]

Hello again, sorry for not checking this for a while. Anyhow, here's my thoughts, I had a similar thing happen with me logging on from home and I had to join the domain with my home pc(W2k Pro). I was able to do it while connected to the vpn, although I don't think you can log directly on to the domain upon restart, anyhow that sort of tricked it into thinking it was part of the domain and then once you connect the vpn it will let you browse. It might be easier than that with NT, you may be able to rename your home pc to the same as your work, just make sure they aren't on at the same time.

 

[DannyKudos]

Thanks for that, but Im not sure I understand what you did...What Primary Logon did you use ? Client for MS Networks ? What settings in general ?
I think I have tried most combinations !.

Thanks !

 

[slyride]

Before we go any farther, are you vpning into the router or a RAS server.

 

[DannyKudos]

VPNing to the Router. Once this is established I can ping all the machines on the network (all machines have specific local IP addresses)

 

[matkom]

You have to force Kerberos to use tcp rather than UDP. For my network it works. I cane join to domain from my remote localizations. Thi requires change registry. Write forum I'll write you the registry change

 

[PeterHurst]

Can you access shares by name eg \\computer\share from the run box?

You'll need a wins server for browsing to work.

 

[JohnSecurity]

The answer is you can't log onto the domain at computer logon unless your VPN software supports a connection before you actually logon. I think Cisco can do it. Checkpoint does it with Secure Domain Logon SDL.

What others are talking about is logging on with cached credentials... That basicly is if your machine is a member of the domain and you log onto it with your domain credentials it will let you log on (but not really be logging into the domain because no connectivity with VPN yet). Then when you map drives it will work because your credentials match, but if you check the domain controller or use apps which look to the Domain controller to see your logon status you are not logged on.

You can join the domain over a VPN, but that will put you in the cached credential group unless you have a VPN client that connects before authentication (windows logon)..

John