Re: vpn authentication
From: Manjari Bonam [MSFT] (manjarib_at_online.microsoft.com)
Date: 04/27/04
- Previous message: Sharoon Shetty K [MSFT]: "Re: VPN "remote computer did not respond"
- In reply to: Rod Tungate: "Re: vpn authentication"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 27 Apr 2004 12:41:06 +0530
Looks like you have configured VPN Server for Windows Authentication, which
means that it will authenticate only local users on the machine and allow
them to VPN in.
If you want the domain users to VPN in then you need to use RADIUS server to
accept authentication requests (which is configuring VPN Server to do RADIUS
authentication) or have your RRAS Server on your domain and have to do
Windows Authentication.
Look for info at
http://www.microsoft.com/technet/community/columns/cableguy/cg0404.mspx
-- - Manjari This posting is provided "AS IS" with no warranties, and confers no rights. "Rod Tungate" <rodt@best-bath.com> wrote in message news:eE16T49IEHA.3664@TK2MSFTNGP11.phx.gbl... > Yes it is like you said in the first sentence. In fact that is what my event > view was telling me. > > (The user BESTBATH\rod connected from 67.232.82.124 but failed an > authentication attempt due to the following reason: The current > configuration only supports local user accounts.) > > I just couldn't figure out what I needed to do to get around this. I think > and hope you answered my question. I will do little research on the Radius. > > This is the log file from my RRAS > > 192.168.1.225,,04/14/2004,11:18:27,RAS,BBSBCN,4,192.168.1.225,44,9,40,7,4108 > ,192.168.1.225,0,,4136,4,4142,0 > 192.168.1.225,administrator,04/14/2004,11:42:11,RAS,BBSBCN,4,192.168.1.225,6 > ,2,7,1,5,129,61,5,64,1,65,1,31,192.168.1.19,66,192.168.1.19,4108,192.168.1.2 > 25,0,,4147,311,4148,MSRASV5.00,4129,BBSBCN\administrator,4130,BBSBCN\adminis > trator,4127,4,25,311 1 192.168.1.225 04/14/2004 17:18:27 1,4136,1,4142,0 > 192.168.1.225,administrator,04/14/2004,11:42:11,RAS,BBSBCN,25,311 1 > 192.168.1.225 04/14/2004 17:18:27 > 1,4294967206,14,4294967207,2,6,2,7,1,4149,Allow access if dial-in permission > is > enabled,4120,0x0042425342434E,4127,4,4129,BBSBCN\administrator,4130,BBSBCN\a > dministrator,4136,2,4142,0 > 192.168.1.225,administrator,04/14/2004,11:42:11,RAS,BBSBCN,4,192.168.1.225,6 > ,2,7,1,5,129,61,5,64,1,65,1,31,192.168.1.19,66,192.168.1.19,25,311 1 > 192.168.1.225 04/14/2004 17:18:27 > 1,44,11,8,192.168.1.54,12,1500,50,9,51,1,55,1081964531,45,2,40,1,4108,192.16 > 8.1.225,0,,4147,311,4148,MSRASV5.00,4120,0x0042425342434E,4294967206,4,4136, > 4,4142,0 > 192.168.1.225,administrator,04/14/2004,11:42:26,RAS,BBSBCN,4,192.168.1.225,6 > ,2,7,1,5,129,61,5,64,1,65,1,31,192.168.1.19,66,192.168.1.19,25,311 1 > 192.168.1.225 04/14/2004 17:18:27 > 1,44,11,8,192.168.1.54,12,1500,50,9,51,1,55,1081964544,45,2,46,13,43,531,42, > 1616,48,19,47,24,49,1,40,2,4108,192.168.1.225,0,,4147,311,4148,MSRASV5.00,41 > 20,0x0042425342434E,4294967206,4,4136,4,4142,0 > 192.168.1.225,BESTBATH.LOCAL\rod,04/14/2004,11:42:54,RAS,BBSBCN,4,192.168.1. > 225,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.1.19,66,192.168.1.19,4108,192.16 > 8.1.225,0,,4147,311,4148,MSRASV5.00,25,311 1 192.168.1.225 04/14/2004 > 17:18:27 2,4136,1,4142,0 > 192.168.1.225,BESTBATH.LOCAL\rod,04/14/2004,11:42:54,RAS,BBSBCN,25,311 1 > 192.168.1.225 04/14/2004 17:18:27 > 2,4121,0x00453D36393120523D3020563D33,4136,3,4142,32 > 192.168.1.225,192.168.1.200\rod,04/14/2004,11:43:02,RAS,BBSBCN,4,192.168.1.2 > 25,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.1.19,66,192.168.1.19,4108,192.168 > .1.225,0,,4147,311,4148,MSRASV5.00,25,311 1 192.168.1.225 04/14/2004 > 17:18:27 3,4136,1,4142,0 > > "Manjari Bonam [MSFT]" <manjarib@online.microsoft.com> wrote in message > news:%23FYnkm3IEHA.964@TK2MSFTNGP10.phx.gbl... > > If your remote users are users on a domain which is on a different machine > > than the RRAS server then you should setup RADIUS Server for > authenticating > > them. > > But if your remote users are localusers on the RRAS server then you should > > not have any problem in authenticaiton. > > > > Did you give the users dial-in permissions? > > > > What are the errors you are getting here? Please forward the logs to me. > > > > -- > > - Manjari > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > "Rod Tungate" <rodt@best-bath.com> wrote in message > > news:#IAvoBxIEHA.828@TK2MSFTNGP12.phx.gbl... > > > Hello, I have a single ISA server 2000 setup on the external network on > a > > > 2000 server. Two nic cards, one connecting to the Internet with a public > > IP > > > address the other with a local IP address to connect to our internal > > > network. I have setup a VPN on this ISA server to accept VPN session > with > > > remote users. If I initiate a VPN session from the external network I > can > > > connect fine as the administrator of the ISA server. I cannot connect as > > > anyone on the local network. I cannot figure out the proccess I need to > > > complete to get the internal network to authenticate a remoter user on > > this > > > VPN. I have searched all over and cannot find any documentation that > seems > > > to address my type of setup and how to accomplish what I am trying to > do. > > > > > > Any help would be greatly appreciated. > > > Rod T. > > > > > > > > > > > >
- Previous message: Sharoon Shetty K [MSFT]: "Re: VPN "remote computer did not respond"
- In reply to: Rod Tungate: "Re: vpn authentication"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
