3005 Concentrator Configuration/User Management

richmorrow624 · ‎09-09-2006

I am trying to configure a 3005 Concentrator for Kerberos or NT authentication for remote clients to access the network from home or on the road.

I would like to use the existing windows client if possible.

I have tried to configure per Cisco recommendations but do not understand a few things:

1. I can go to "Condifuration\System \Servers\Authentication" and test authentication successfully.

When I try to connect, the client makes a connection but the concentrator log shows nothing more than the connection and disconnect with no reason given.

The client end just shows trying to authenticate.

According to Cisco, I also need to configure "User Management\Groups" but when I configure that, I do not understand where the group name and password comes in to play. Why do I need that?

The concentrator log looks like the group I created is trying to authenticate to Active Directory.

Log show this and also show when I try to test the authentication at the group level:

31655 09/09/2006 14:26:13.650 SEV=4 AUTH/9 RPT=43

Authentication failed: Reason = No active server found

handle = 1013, server = (none), user = test

The cisco document on NT authentication also shows the group being created

grant.maynard · ‎09-09-2006

there is no concept of group for PPTP users - the Concentrator has no way of matching a user to a group when they connect. So PPTP users will be in the Base Group and will use authentication servers in the order listed in Configuration | System | Servers | Authentication.

richmorrow624 · ‎09-10-2006

Thanks for the reply, that makes sense.

Is the PPTP connection safe enough used this way?

Are there any guidlines on what to look for if I cannot connect with the Microsoft client?

The client just sites at "authenticating"

I do not see anything in the concentrator log.