[isapros] Re: OT: Vista VPN Client Credentials

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 25 Jan 2007 09:41:17 -0800

No less than 1 million times ;)

For years and years I've been logging in from non-domain XP boxes as unique
local users and VPN'ing in to remote networks with completely different
usernames/passwords and directly accessing network resources silently as the
VPN user, not the local interactive user.

I know I could join the domain and/or pair up usernames and passwords, but I
never do that.  I wouldn't have usernames and passwords on a laptop that
matched usernames and passwords on my domain- that's just silly ;)

t


On 1/25/07 9:42 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> Tim,
> 
> Are you sure it actually ever worked the way you thought it did? That is
> to say, did it actually work where you log in interactively with
> one set of local non-domain credentials, and then create a remote access
> VPN client connection using a second set of credentials and then have
> the dial-in credentials sent to the remote file servers?
> 
> I think in order for that scenario to possibly work, you have to dial-in
> via dial-up networking during interactive logon. Try that with the Vista
> client.
> 
> Worst comes to worst, you can mirror your credentials on the non-domain
> client with the domain account.
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
>> Sent: Thursday, January 25, 2007 11:26 AM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>> 
>> Hi Ara- thanks for checking.  Yes, if the system is a domain member, it
>> works as you describe.  The point is that remote systems should not need to
>> be domain members in order to VPN into a network and have the VPN
>> credentials used for access to that network's resources.
>> 
>> A laptop user should not have to move around using cached domain credentials
>> to log on to their system as a domain member... More importantly, the local
>> users' interactive credentials should not automatically be sent to a remote
>> host on a dial-up/VPN connection.  That is a security issue in itself...
>> 
>> t
>> 
>> 
>> On 1/25/07 8:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx> spoketh to all:
>> 
>>> I did a test myself last night from Vista. It dials in with no problem,
>>> Outlook opens fine, and I can go to \\servername\sharename and no
>>> problem. One thought, I have the firewall client for Vista installed and
>>> laptop is a domain member which is going back and forward work/home
>>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Thor (Hammer of God)
>>> Sent: Thursday, January 25, 2007 7:08 AM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>> 
>>> Anyone?  Bueller?  Anyone?
>>> 
>>> Is there anyone out there who is VPN'ing into a network on a non-domain
>>> machine with Vista?  Is it time to post to the Focus-MS list???
>>> 
>>> t
>>> 
>>> 
>>> On 1/24/07 12:36 PM, "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx> spoketh
>>> to all:
>>> 
>>>> Greetings... I'm hoping this is something stupid that I'm just not seeing, but
>>>> I'm having an issue automatically authenticating to a remote network under
>>>> my VPN credential in Vista (x64).
>>>> 
>>>> With XP, on a non-domain, standalone workgroup box, I can create a standard
>>>> VPN client and log on to the remote network using my user account on remote
>>>> network domain.  Though I'm logged on interactively as a local user on that
>>>> XP box, when I go to \\host.domain.com, my VPN credentials are automatically
>>>> used to access shared resources on the remote network.  Same thing with
>>>> connecting to a remote SQL box (requiring integrated auth).  No problems at
>>>> all with XP, been doing it for years.
>>>> 
>>>> However, with Vista, the credentials I use to log onto the remote network
>>>> are NOT being used when I access resources on the remote network.  Browsing
>>>> to the share point results in a logon box being displayed.  If I attempt to
>>>> connect to a SQL box, it says "not a trusted connection" (as it would if my
>>>> local user is being used.)  WTF?  I've looked through and set everything
>>>> that I can, including setting the location as "Work" and "Home."  I do NOT
>>>> want to have to join the box to the remote domain.
>>>> 
>>>> Anyone know what I'm doing wrong??  Thanks.
>>>> t