Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 2000 domain login with VPN?

Status
Not open for further replies.

r00tMonster

Technical User
Dec 4, 2002
24
US
I am running a Windows 2000 Server box plugged into a Sonicwall Soho3/25. I have Sonicwall Global VPN Client software on workstations/laptops.

The win2k server gets an IP from the router. Clients can VPN into the router and ping the internal LAN. Everyones on the same subnet and can ping each other. Everything seems OK.

Problem: The win2k server does not ask the clients who VPN into the router for a "user name/password/domain" to login to the server. What has to be configured on the server to detect the presence of the VPN clients when they join the network?


x::0:0::::
 
Are you saying that they are just allowed to browse straight in? There is nothing that should need to be configured. Are the mobile users using Laptops that they use internally from the office also? The server will check to see how they are logged on to verify credentials. If they are still logging into the Domain using the cached credantials, they will not be prompted for user/pass....

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
The problem is the Server does not see the users coming in on the VPN. So the users are not prompted for user name and password for the domain.

The Global VPN client's are using L2TP/IPsec into the router's WAN port. The Server is plugged straight into the LAN port. Example, the server is on 192.168.0.10 and the VPN user is on 192.168.0.5. But the server is not asking for credentials?

The router has a cpu and ram, so it handles all the IP's on the LAN. The Server gets its IP from the router, and all VPN clients also get their IP from the router.

x::0:0::::
 
I always create a dummy account with almost NO rites for testing. Can you do this and see if the dummy account can get in? We really need to pinpoint the problem, because it sounds like anybody can get in. If the users getting in are being authenticated like Matt says using cache, no big deal. If the dummy account can get in with no rites/cache, you've got problems big time. Good luck.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
"Watson, the game is afoot!" [pipe]
 
No wait, you can't get in without a "shared secret" which is a very long alpha/numeric with symbols! Thats what VPN is for:) But once "in" the router and on the LAN, the server is not asking for a user name and password:-(

The users are in different states thousands of miles apart and have no cached info. Their machines have never been on this server. I mail them the shared secret on floppy and they just "cut and paste" it into thier VPN software to get into the router. User names and passwords for the domain are on the server after they get into the router:D

x::0:0::::
 
You still haven't answered the question I asked. Are they just browsing straight in without being prompted for credentials? You said they are not prompted for credentials, but you didn't say when....
If so, is the logon that they log into their local machine the same as their Domain user and pass? I'd also try a Dummy account as Glen stated. Set up this dummy account, log onto a local machine with it and connect to the VPN. See what happens.....

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
The answer to your question is "NO". I do have a dummy account setup. But there is no way to log into the server with the dummy account. The server is not asking for login info, so there is no way to login:)

If I access the router with the server I can see all the IP's who login to the router. They just can't get from the router to the Server.

I set the dummy user for VPN access. But I think there is something in "routing and remote access" I have to setup. Man, guess I should have got my MCSA:-( I went into RRAS and set my nic that goes to the router to accept VPN connections. Maybe that was it. The quest continues:)

x::0:0::::
 
Are your clients running 2000, NT, or XP? You shouldn't have to mess with RRAS, the sonicwall is the router. Can the server open up a UNC path to the clients (\\Client1\C$), and can the client open a UNC path to the server?
 
Are you trying to have them access thru My Network Places? That probably won't work unless you set up a hosts file for them. Use the UNC path as BigOrange said, or set up a direct shortcut thru My Network Places specified by IP address instead of name. I have never gotten DNS to work properly thru a VPN tunnel....

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top