01-11-2001 01:26 AM - edited 02-21-2020 09:56 AM
Two networks separated by a firewall. A server is located on the inside interface. Inbound authentication is active on the firewall in coordination with CiscoSecure. Users on the outside network needs to map a shared folder of server first inorder to run an application. The problem is that I need to do an ftp or an http authentication before mapping that folder. Is there a workaround to authenticate the mapping service (Netbios) instead of doing (two-step) ftp/http then mapping?
01-17-2001 03:18 PM
You could use a VPN tunnel to connect your users to the network, then they can login to the Netbios services as usual. Thats probably the easiest and most secure way. You shouldnt use NetBios across the Internet as a general rule, pretty insecure. If you have to, since NT login is considered pretty secure anyway, make aaa exceptions for the NetBios hosts that need to be connected to and then your users will only get the NetBios login and not have to http, telnet or ftp to open the conduits for those hosts. The PIX wont ever be running a NetBios authentication daemon. This is Microsoft proprietary technology and I cant see them licensing that to Cisco.
01-18-2001 10:59 AM
We had a similar issue last year with NetWare communication and authentication of conduits to NDS. A Cisco security representative responded that neither Novell or Microsoft would share their authentication API's. This leaves three options: use the default telnet, ftp, or http to authenticate your conduit, leave an open conduit (not an option for us), or VPN. If your outside users are coming across the Internet, or any untrusted network, then a VPN is your most secure solution of the three.
01-18-2001 11:21 AM
If you need to make this simpler for the users,
I recommend a batch file that will ftp in, passing username/password, then quit out. The next step in the batch file would be a net use statement.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide