Enable ntdomain as user authentication on the concentrator, and I am pretty sure you can enter the credentials in the client profile under the "Log onto Windows Domain" section under the Authentication tab.
Configuring "ntdomain" XAUTH for that group on the concentrator by itself will only use the NT database for authenticating the client's username and password (for logging onto the VPN only, XAUTH/part of Phase 1 IKE SA, not for logging onto the actual Windows network). Make sure that the "Log onto Windows Domain" box is checked and the "Prompt user for logon Credentials" check box is checked to enable logging onto the Windows domain. Because the password to log on to the VPN (finish Phase 1) is authenticated against the NT database, the password to log on to the actual Windows network will be the same, although they may be prompted to enter it again.

"Prompt for network logon credentials: The private network prompts you for a username and password to use its resources. If the logon username or password on your PC differs from those on the private network, use this option."
Here is a link that may lead you in the right direction:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a00800ecb3d.html#xtocid18
Good luck.