[isapros] Re: OT: Vista VPN Client Credentials

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 25 Jan 2007 10:55:34 -0800

What's interesting is that the Vista client attempts to use NetBIOS
connections while the domain member uses CIFS specifically.  Let's see what
happens if I open NBT transports up from the VPN segment to the internal
servers I need...

t


On 1/25/07 10:28 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Maybe they thought interactive credentials were less likely to be domain
> credentials, so it's more secure to blast them than your domain
> credentials.
> 
> Heck, makes about as much sense as the rationale they used to hork
> NAT-T.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>> (Hammer of God)
>> Sent: Thursday, January 25, 2007 11:51 AM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>> 
>> Yes, clearly more secure.  Connect up to a hotspot connection and have your
>> interactive credentials automatically and silently blasted downrange to any
>> service that asks for it :-/
>> 
>> t
>> 
>> 
>> On 1/25/07 9:55 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
>> spoketh to
>> all:
>> 
>>> OK, just testing you :)
>>> 
>>> Since Vista is more secure, this must be a security issue ;))
>>> 
>>> Security is inversely proportional to functionality.
>>> 
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7
>>> MVP -- Microsoft Firewalls (ISA)
>>> 
>>>  
>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>>> (Hammer of God)
>>>> Sent: Thursday, January 25, 2007 11:41 AM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>> 
>>>> No less than 1 million times ;)
>>>> 
>>>> For years and years I've been logging in from non-domain XP boxes as unique
>>>> local users and VPN'ing in to remote networks with completely different
>>>> usernames/passwords and directly accessing network resources silently as the
>>>> VPN user, not the local interactive user.
>>>> 
>>>> I know I could join the domain and/or pair up usernames and passwords, but I
>>>> never do that.  I wouldn't have usernames and passwords on a laptop that
>>>> matched usernames and passwords on my domain- that's just silly ;)
>>>> 
>>>> t
>>>> 
>>>> 
>>>> On 1/25/07 9:42 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
>>>> spoketh to
>>>> all:
>>>> 
>>>>> Tim,
>>>>> 
>>>>> Are you sure it actually ever worked the way you thought it did? That is
>>>>> to say, did it actually work where you log in interactively with
>>>>> one set of local non-domain credentials, and then create a remote access
>>>>> VPN client connection using a second set of credentials and then have
>>>>> the dial-in credentials sent to the remote file servers?
>>>>> 
>>>>> I think in order for that scenario to possibly work, you have to dial-in
>>>>> via dial-up networking during interactive logon. Try that with the Vista
>>>>> client.
>>>>> 
>>>>> Worst comes to worst, you can mirror your credentials on the non-domain
>>>>> client with the domain account.
>>>>> 
>>>>> Tom
>>>>> 
>>>>> Thomas W Shinder, M.D.
>>>>> Site: www.isaserver.org
>>>>> Blog: http://blogs.isaserver.org/shinder/
>>>>> Book: http://tinyurl.com/3xqb7
>>>>> MVP -- Microsoft Firewalls (ISA)
>>>>> 
>>>>>  
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>>>>> (Hammer of God)
>>>>>> Sent: Thursday, January 25, 2007 11:26 AM
>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>>>> 
>>>>>> Hi Ara- thanks for checking.  Yes, if the system is a domain member, it
>>>>>> works as you describe.  The point is that remote systems should not need to
>>>>>> be domain members in order to VPN into a network and have the VPN
>>>>>> credentials used for access to that network's resources.
>>>>>> 
>>>>>> A laptop user should not have to move around using cached domain credentials
>>>>>> to log on to their system as a domain member... More importantly, the local
>>>>>> users' interactive credentials should not automatically be sent to a remote
>>>>>> host on a dial-up/VPN connection.  That is a security issue in itself...
>>>>>> 
>>>>>> t
>>>>>> 
>>>>>> 
>>>>>> On 1/25/07 8:59 AM, "Ara Avvali" <Ara.Avvali@xxxxxxxxxxxxx>
>>>>>> spoketh to all:
>>>>>> 
>>>>>>> I did a test myself last night from Vista. It dials in with no problem,
>>>>>>> outlook opens fine, and I can go to \\servername\sharename and no
>>>>>>> problem. One thought, I have the firewall client for vista installed and
>>>>>>> laptop is a domain member which is going back and forward work/home
>>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>>>>>> On Behalf Of Thor (Hammer of God)
>>>>>>> Sent: Thursday, January 25, 2007 7:08 AM
>>>>>>> To: isapros@xxxxxxxxxxxxx
>>>>>>> Subject: [isapros] Re: OT: Vista VPN Client Credentials
>>>>>>> 
>>>>>>> Anyone?  Bueller?  Anyone?
>>>>>>> 
>>>>>>> Is there anyone out there who is VPN'ing into a network on a non-domain
>>>>>>> machine with Vista?  Is it time to post to the Focus-MS list???
>>>>>>> 
>>>>>>> t
>>>>>>> 
>>>>>>> 
>>>>>>> On 1/24/07 12:36 PM, "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
>>>>>>> spoketh to all:
>>>>>>> 
>>>>>>>> Greetings... I'm hoping this is something stupid that I'm just not seeing, but
>>>>>>>> I'm having an issue automatically authenticating to a remote network under
>>>>>>>> my VPN credential in Vista (x64).
>>>>>>>> 
>>>>>>>> With XP, on a non-domain, standalone workgroup box, I can create a standard
>>>>>>>> VPN client and log on to the remote network using my user account on remote
>>>>>>>> network domain.  Though I'm logged on interactively as a local user on that
>>>>>>>> XP box, when I go to \\host.domain.com, my VPN credentials are automatically
>>>>>>>> used to access shared resources on the remote network.  Same thing with
>>>>>>>> connecting to a remote SQL box (requiring integrated auth).  No problems at
>>>>>>>> all with XP, been doing it for years.
>>>>>>>> 
>>>>>>>> However, with Vista, the credentials I use to log onto the remote network
>>>>>>>> are NOT being used when I access resources on the remote network.  Browsing
>>>>>>>> to the share point results in a logon box being displayed.  If I attempt to
>>>>>>>> connect to a SQL box, it says "not a trusted connection" (as it would if my
>>>>>>>> local user is being used.)  WTF?  I've looked through and set everything
>>>>>>>> that I can, including setting the location as "Work" and "Home."  I do NOT
>>>>>>>> want to have to join the box to the remote domain.
>>>>>>>> 
>>>>>>>> Anyone know what I'm doing wrong??  Thanks.
>>>>>>>> t