Re: VPN client are prompted for username/password

Change the rule from All users to Authenticated users gets the users prompted
for username/password again.
So something else is wrong here.
The users and clients are member of the same domain as the ISA servers
belong to.

"ZVR" wrote:

Phillip is entirely correct, however you could add "Authenticated Users" to
the rule instead of "All Users", in which case users authenticated by any
entity (ISA included) will be allowed access - so you will be able to track
who uses what.

Virgil



"Phillip Windell" <@.> wrote in message
news:OvAX4gUSGHA.6084@xxxxxxxxxxxxxxxxxxxxxxx
Unless the users machine's they are sitting at are Members of the Domain,
and the users log in with Domain Accounts,...this is the way it is
supposed
to behave.

The credentials they use to establish the VPN connection do only
that,..they
establish the VPN connection,...that does not "log them onto the Domain".

At our place the Users are using their work laptops that are already
members
of the domain and the users are logging into the laptops with thier
"cached"
domain account. They can use any valid credentials to establish the
VPN,..but the actual domain authentication goes by their cached domain
account,...so they don't get the prompt. Whatever credentials they used
to
established the VPN link with become irrelevant after the link is
established.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Rob Pijpers" <RobPijpers@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C5B66BFC-CE0D-4DF2-BE7F-D0B34AE63F27@xxxxxxxxxxxxxxxx
We have the following situation, VPN users connect to an ISA 2004 SE and
are
routed to the internal network, this works fine. RSA is used in the
authentication process and this firewall handles only VPN traffic. If the
VPN
users want to go to the internet they connect to an ISA 2004 EE cluster
(2
nodes). When they do they are prompted for username/password.
Regarding the username/password entered they can't connect to the
internet.
The rule allowing access to internet permits users of an AD group to get
to
the internet, this works fine for the client on the internal network.
The only way to get the VPN users to the internet is to add the ISA
buildin
All users group to the rule. The disadvantage is that all users get
unauthenticated to the internet.
So what is going wrong here?





.

Relevant Pages

  • Re: Constant Login Prompt
    ... by authentication scheme, ... problem you describe is common in sngle server configurations if the ... login prompt, I can enter my username/password and until they logout ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Constant Login Prompt
    ... by authentication scheme, ... problem you describe is common in sngle server configurations if the ... login prompt, I can enter my username/password and until they logout ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: VPN client are prompted for username/password
    ... You could specify, within internet explorer-connections-dialup and ... The credentials they use to establish the VPN connection do only ... account,...so they don't get the prompt. ... When they do they are prompted for username/password. ...
    (microsoft.public.isa)
  • Re: Prompt for username/password when opening Office Document
    ... Prompt for username/password when opening Office Document ... Integrated Windows authentication cannot be passed through ...
    (microsoft.public.sharepoint.portalserver)
  • Minimum AD Permissions needed to query LDAP for username password auth
    ... I have a 3rd party VPN device that does 1) LDAP queries for user ... authentication (username/password) and 2) query what AD groups a user ...
    (microsoft.public.win2000.active_directory)