02-02-2003 08:33 PM - edited 03-09-2019 01:56 AM
Dear List members,
Does anyone know a solution for a Windows VPN client logon (NT, 2000, XP, Win98) to be able to log in to the VPN3000 Concentrator and at the same time authenticate to the Domain Controller?
I would appreciate any reply.
Best Regards,
Engel
02-03-2003 07:27 PM
You can't do this, there's no way the VPN3000 authentication can tie into the Windows NT login. Sorry.
11-18-2003 12:34 PM
What if you use a RADIUS server that is provided with Win2K? Will this authentication through RADIUS allow for single logon?
11-19-2003 05:53 AM
If you log on to a non-locally connected NT/2K/XP Pro machine that is part of the domain, with a domain account and password, you should be able to log on with cached credentials. Then if you connect to the VPN, you should have immediate access to all network resources. This only allows people to log on who have previously logged onto the machine though, as it requires cached domain credentials to have been stored on the local box.
You can choose to have the VPN client start before the logon screen, but I have not found this to be a reliable solution, but I have not really tried it with the 4.0 client. In theory, this should allow anyone to log on.
11-27-2003 06:38 PM
I think cached credentials are still not the solution for "single sign on". For not so many users, the administrator can handle FAQ and troubleshoot a user's logon problem. For a big site, the load on the administrator to handle requests from users that cannot log on to the domain through the VPN tunnel will be a headache.
Best Regards,
Engel
12-03-2003 02:08 PM
I just saw your message..
We use Cisco Secure ACS and do just that!
12-05-2003 12:41 AM
May I know how you configure the VPN client (and the VPN Concentrator) and the ACS + Active Directory to do a "Single Sign On"-like solution?
I would appreciate any insight.
Regards,
12-05-2003 12:43 PM
I'll try.
Local group defined on the 3005 is type=external, which has the ACS server as its authentication server. This acts as my group "pre-shared" secret... I am using RADIUS between the 3005 and the ACS server. The ACS server then points to the AD server, and the user logs in as DOMAIN\username. The ACS server definition is Password Auth=external Win2K, group assigned is External auth. This is done after you connect to the AD and select which object you map to for allow. We use 2 things: must be a member of VPNGroup, and check box of allow dialin remote...
Does that help?