
Logon to windows domain after connecting to a VPN


5 replies to this topic

#1 Dudydoo

Dudydoo

    Neowinian

  • Joined: 06-April 02

Posted 08 July 2005 - 19:48

Hi All,

I cannot seem to find an answer to what should be a simple thing to do, which is:

If I log into a network that has a Windows 2000 Server PDC over the Internet via a VPN router, is it then possible to log on to the domain (to access resources) after connecting to the VPN?

Network Setup:

Remote Client (WinXP SP2) -> Internet -> Router (VPN connection) -> LAN w/ W2K PDC

I know that if I use the W2K server as the VPN host I can achieve this, but in this situation the machine is not directly connected to the Internet.


#2 red8Rain

red8Rain

    SomeOne

  • Joined: 09-March 03

Posted 08 July 2005 - 20:12

There's a little tick mark during the process to log onto a Windows XP w/ SP2 box (click the Options button); I think there's a button to say "connect using" or something like that. It will then prompt you for which method you want to use to connect; use your VPN. Your router or VPN server must then be able to take that username and password and authenticate it with a Windows 2K server. BTW, there is no such thing as a PDC in Windows 200x. Technically, there is, but it isn't seen that way.

If your router can pass the info to Windows 2000, you have connected to your Windows 2000 network. Not sure if that answered your question or not.

#3 OP Dudydoo

Dudydoo

    Neowinian

  • Joined: 06-April 02

Posted 08 July 2005 - 20:18

Thanks for your reply, but as far as I can see in the router web configuration pages, I cannot see a way to get it to authenticate with another host.

Sorry about the PDC talk, I still can't forget the old NT lingo :)

#4 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 08 July 2005 - 21:09

I am guessing this machine you're using is not a member of the domain?

Just auth to the server that has the resources you need with a valid username and password to said resources..

C:\>net help use
The syntax of this command is:


NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
        [/USER:[domainname\]username]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [/SMARTCARD]
        [/SAVECRED]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE {devicename | *} [password | *] /HOME

NET USE [/PERSISTENT:{YES | NO}]


NET USE connects a computer to a shared resource or disconnects a
computer from a shared resource. When used without options, it lists
the computer's connections.

devicename       Assigns a name to connect to the resource or specifies
                 the device to be disconnected. There are two kinds of
                 devicenames: disk drives (D: through Z:) and printers
                 (LPT1: through LPT3:). Type an asterisk instead of a
                 specific devicename to assign the next available
                 devicename.
\\computername   Is the name of the computer controlling the shared
                 resource. If the computername contains blank characters,
                 enclose the double backslash (\\) and the computername
                 in quotation marks (" "). The computername may be from
                 1 to 15 characters long.
\sharename       Is the network name of the shared resource.
\volume          Specifies a NetWare volume on the server. You must have
                 Client Services for Netware (Windows Workstations)
                 or Gateway Service for Netware (Windows Server)
                 installed and running to connect to NetWare servers.
password         Is the password needed to access the shared resource.
*                Produces a prompt for the password. The password is
                 not displayed when you type it at the password prompt.
/USER            Specifies a different username with which the connection
                 is made.
domainname       Specifies another domain. If domain is omitted,
                 the current logged on domain is used.
username         Specifies the username with which to logon.
/SMARTCARD       Specifies that the connection is to use credentials on
                 a smart card.
/SAVECRED        Specifies that the username and password are to be saved.
                 This switch is ignored unless the command prompts for username
                 and password.  This option is not available on Windows XP
                 Home Edition and will be ignored.
/HOME            Connects a user to their home directory.
/DELETE          Cancels a network connection and removes the connection
                 from the list of persistent connections.
/PERSISTENT      Controls the use of persistent network connections.
                 The default is the setting used last.
YES              Saves connections as they are made, and restores
                 them at next logon.
NO               Does not save the connection being made or subsequent
                 connections; existing connections will be restored at
                 next logon. Use the /DELETE switch to remove
                 persistent connections.
NET HELP command | MORE displays Help one screen at a time.


#5 Mattimeo

Mattimeo

    Neowinian

  • Joined: 09-March 03
  • Location: Portland, OR

Posted 08 July 2005 - 21:21

I guess I don't understand the issue then. What does your router have to do with authentication? The server authenticates you for the login process, not the router. The router authenticates the remote session, but in terms of a Windows login process, the router has nothing to do with it. Just as long as the router provides VPN connectivity, that's all that should happen.

#6 OP Dudydoo

Dudydoo

    Neowinian

  • Joined: 06-April 02

Posted 09 July 2005 - 15:12

Yay! I done it!!


Thanks for your help everyone. Here's what worked...

On the remote client (home), I had to add the DNS & WINS address of the Windows Domain Controller, so that after the VPN connection was established it could find the server.

Then I made the remote client (home) join the domain.

After that, all I have to do at the login screen is choose logon to domain, check the dial a connection option, which connects to the VPN, then authenticates to the DC and bingo!! (Especially thanks to IPv6's post for that tip)

Of course, I can also use the 'net use' command instead of joining the domain.

Now all I have to do is get round to using IPSec instead of PPTP :)
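
Added example, not part of the thread: a batch sketch of the non-domain-joined route discussed above, which checks that the client can locate a domain controller through DNS once the VPN is up and then authenticates to a share with `net use`. The domain, server, share and user names are placeholders assumed for illustration.

```bat
@echo off
rem Added example; every value below is a placeholder, not taken from the thread.
setlocal
set "AD_DOMAIN=corp.example.local"
set "NB_DOMAIN=CORP"
set "FILE_SERVER=fileserver01"
set "SHARE=shared"
set "DOMAIN_USER=jdoe"

rem 1. With the VPN connected, the client must resolve the domain's DC locator
rem    records. This fails when the VPN connection is not using the domain
rem    controller as its DNS server.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% | find /i "svr hostname" >nul
if errorlevel 1 (
    echo No domain controller SRV record found for %AD_DOMAIN%.
    echo Check the DNS and WINS addresses on the VPN connection.
    exit /b 1
)

rem 2. Authenticate to the share with domain credentials.
rem    "*" as devicename takes the next free drive letter.
rem    "*" as password makes NET USE prompt, so the password is never typed on
rem    the command line or stored in this script.
rem    /PERSISTENT:NO keeps the mapping from being restored at next logon.
net use * \\%FILE_SERVER%\%SHARE% * /USER:%NB_DOMAIN%\%DOMAIN_USER% /PERSISTENT:NO
if errorlevel 1 (
    echo Authentication or connection to \\%FILE_SERVER%\%SHARE% failed.
    exit /b 2
)

rem 3. List current connections to confirm the mapping.
net use
endlocal
```

When finished, `net use <drive>: /DELETE` removes the mapping.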