• Status: Solved
  • Priority: Medium
  • Security: Public

User needs to connect to network resources from a non-domain computer using VPN

I have a Windows 2003 SBS server/network.
Some users need to access network files from their home computer running WinXP/Pro through VPN.

I got them to connect to the network and they are able to view files but cannot save files to the network. (They have full rights to the directory.)

I also would like them to run the login script after connecting through the VPN.  Is there a way to force a second domain logon after the VPN connects and authenticates?
0
ivolach
Asked:
1 Solution
 
naveedbCommented:
How are they authenticating to the Windows 2003 Network right now?

What are you using for VPN Connectivity?
0
 
ivolachAuthor Commented:
They are using WinXP VPN connection
The VPN login authenticates them.
0
 
masnrockCommented:
Is the VPN authentication tied to Active Directory or no?
0
 
ivolachAuthor Commented:
I believe it is
0
 
masnrockCommented:
To word it another way, is your Windows server your VPN server also?

If indeed it is, check out this article:
http://www.windowsnetworking.com/articles_tutorials/Client_Based_VPN_via_PPTP.html

There's a section talking about where to check off for domain login in the VPN client settings.

Let us know if it helps or not.
0
 
ivolachAuthor Commented:
Yes it is
0
 
ivolachAuthor Commented:
Everything in the article has been followed and I can see that the work network is connected.
The difficulty I am facing is that it is very difficult to map a drive to the network and even when I succeed, I can open files but in a read-only mode and I cannot save any files to the network.
0
 
naveedbCommented:
ReadOnly has nothing to do with the VPN setting; double check your permissions and make sure that you have correctly configured the VPN connection setting at the client end to include/exclude the Domain name option.

You can use "Connection Manager" to create VPN Custom connection. This will allow you to run a script after the vpn connection has been established. Just add the login script and it should work.
0
 
ivolachAuthor Commented:
I have checked all the permissions and they are properly setup.

Does the fact that the home computer is not part of the domain affect anything?

I have used the Connection Manager and I could not find the parameter or area that allows me to run a script after the VPN connection has been established.

In any case, when I try to map the network drive to my \\servername\sharename I get an error: a device attached to the system is not functioning
0
 
ChristianJKochCommented:
Just curious... are you using IPsec or the PPTP implementation for VPN authentication? (The PPTP route is very insecure.)

A good, secure VPN solution for SOHO organizations to check out is Hamachi - http://www.hamachi.cc/
0
 
ivolachAuthor Commented:
PPTP
0
 
ivolachAuthor Commented:
When I use the same settings on a notebook that is part of the domain I have no problems connecting and using the resources on the network. (in both cases connecting from home)
0
 
naveedbCommented:
Can you try with \\ServerIPAddress\sharename and see if it works?

Are you able to ping the server, and are you able to ping the client after VPN is established from server?

Let's break down the issue into two parts. First we will try to fix the connectivity/mapping and later we will work on automating via script.
0
 
ivolachAuthor Commented:
I can ping the server from the client but cannot ping the client from the server.

I have tried the \\serveripadress\sharename and it does not work
0
 
naveedbCommented:
What kind of firewall are you running on the client, and can you disable it and test again? Where is the VPN terminating, at SBS or a separate device?


0
 
ivolachAuthor Commented:
the VPN is terminating at SBS
The firewall is TrendMicro

I can disable the firewall, but the question remains: why can I connect through the VPN when I use a computer that belongs to the domain and cannot do it when I use a computer that does not belong to the domain?

In any case, on the computer that does not belong to the domain, I can connect through the VPN, I can see that the user is authenticated, the computer gets an IP from the server DHCP and yet I cannot access the resources.
0
 
Juan OcasioCommented:
Try this batch file

net use driveLetter \\ComputerName\ShareName * /user:DomainName\UserName

This will force authentication as an AD user in your domain and they should have whatever permissions that user has on the network.

HTH
0
 
Juan OcasioCommented:
PS, you will use this batch file after the user is logged onto the domain through VPN.

jocasio
0
 
Juan OcasioCommented:
BTW, you'd copy the line I provided and save as with a bat extension.  So if you want jdoe to be able to map drive j to a folder called company on the xyz server in the domain COMPANY, you would type in the following:

net use j: \\xyz\company * /user:COMPANY\jdoe

The * will prompt the user to enter their network password for the username provided.
0
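The mapping step suggested above, extended with a session reset and a write test, as an added example that is not part of any poster's comment. It reuses the sample names xyz, company and COMPANY\jdoe from the post; the probe file name is made up for the test.

```bat
@echo off
rem Added example: map a share from a non-domain PC with explicit domain
rem credentials, then confirm write access. Run it after the VPN is connected.
rem Server, share, domain and user are the sample names used in the post.
setlocal
set SERVER=xyz
set SHARE=company
set DRIVE=J:
set DOMUSER=COMPANY\jdoe
rem Hypothetical scratch file name, used only for the write test.
set PROBE=%DRIVE%\vpn_write_test_%RANDOM%.tmp

rem Drop any existing mapping or session first, so Windows does not reuse a
rem connection opened with the home PC's local account.
net use %DRIVE% /delete /y >nul 2>&1
net use \\%SERVER%\%SHARE% /delete /y >nul 2>&1

rem "*" prompts for the password, so nothing is stored in this file.
rem /persistent:no means the mapping is not remembered; rerun after each connect.
net use %DRIVE% \\%SERVER%\%SHARE% * /user:%DOMUSER% /persistent:no
if errorlevel 1 (
    echo Mapping failed. Check the VPN link, name resolution and the user name.
    exit /b 1
)

rem Write test: create and remove a small file on the mapped drive.
(echo probe > "%PROBE%") 2>nul
if not exist "%PROBE%" (
    echo Mapped, but writing failed. Both the share permissions and the NTFS
    echo permissions on the server must allow this user to change files.
    net use %DRIVE% /delete /y >nul 2>&1
    exit /b 2
)
del "%PROBE%"
echo %DRIVE% is mapped as %DOMUSER% and is writable.
endlocal
```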
 
ivolachAuthor Commented:
I have tried and I got the error message:
user context supplied is invalid (3775)
0
 
naveedbCommented:
Did you try after disabling firewall?
0
 
ivolachAuthor Commented:
I did and got the same results
0
 
ivolachAuthor Commented:
I have checked again and after disabling the firewall on the client PC I am able to map the drive and read the files but I can't save files, create new ones etc.

I have checked again the permissions on the directory, including disabling the inheriting rights from parent directory, I have all the rights except take ownership and change rights.
0
 
naveedbCommented:
Can you login inside your network with same username/password and see if they are able to read and save files?

Also post the output from 'net use' and 'net config' command both outside and inside the network.

There is not much in the VPN settings you can do to restrict read/write access. It is handled above layer 4, so we have to look at the authentication / login issues to narrow it down.
0
 
ivolachAuthor Commented:
naveedb
I will follow your directions a little later when I am in the office.

However, I have noticed from the server logs that although I connect the VPN as '\\domain\user1' the server logs an attempt to login as '\\homecomputer\homeuser' and obviously rejects that attempt.
0
 
ivolachAuthor Commented:
I have found the problem and it had to do with the access rights to the share.

Thanks
0
 
naveedbCommented:
Very good.

Do you still need help with login script?
0
 
ivolachAuthor Commented:
It looks like once you map the network drive it stays there for future connection so it is probably going to work the way it is

Thanks
0
