naexpert
asked on
Using network shares always prompts for user name and password. (500 pts)
Hi everyone,
I'm, sure there is an easy solution to this but I can't figure it out.
Setup is:
Netgear FVX538v2 firewall.
Netgear ProSafe Client VPN software.
Authentication using RADIUS (Microsoft).
We have a user who is in the domain admin group, the issue is this:
Can connect to VPN.
Can ping ip addresses and with Mode Config enabled, can ping computer names.
Can remote desktop to machines
The big problem is:
When user connects to a share or administration share i.e. c$ (via the VPN) he always gets prompted for a windows user name and password. once this info is entered, can use share. Eveytime he uses this same share or any other share, he always gets prompted for a user name and password. This is causing me a real headache!
Can you advise on anything I can do to allow the user to NOT have to always provide user name and password everytime he uses a share?
Look forward to your advice on this one!, cheers, naexpert.
I'm, sure there is an easy solution to this but I can't figure it out.
Setup is:
Netgear FVX538v2 firewall.
Netgear ProSafe Client VPN software.
Authentication using RADIUS (Microsoft).
We have a user who is in the domain admin group, the issue is this:
Can connect to VPN.
Can ping ip addresses and with Mode Config enabled, can ping computer names.
Can remote desktop to machines
The big problem is:
When user connects to a share or administration share i.e. c$ (via the VPN) he always gets prompted for a windows user name and password. once this info is entered, can use share. Eveytime he uses this same share or any other share, he always gets prompted for a user name and password. This is causing me a real headache!
Can you advise on anything I can do to allow the user to NOT have to always provide user name and password everytime he uses a share?
Look forward to your advice on this one!, cheers, naexpert.
RichardSlater
What is the user logging into the remote machine (client) as? a non-domain user? Don't take this as cannon by any means but wouldn't the user have to be logged in to the computer with a user that has privalages to connect to the shared... something he wouldn't need in the other test you made (ping and DNS/WINS don't require authentication, RDP is authenticated upon connection?)
ASKER
Hi Richard,
Thanks for the quick response. The user has his own small workgroup at home. Saying that, I have a test machine in my office which has it's own seperate internet connection, this is a workgroup computer also, so has no logon as such. I can replicate the same issues on this machine.
I have tried microsofts own VPN software and this all semes to work nicely allowing the user to 'log on' to the domain and this gives full domain access. You might wonder why we just don't use this, well the guy at the remote site does not want to use MS vpn software as it messes up his intent speed and his voip phone!
Hope this all makes sense? cheers, naexpert.
Thanks for the quick response. The user has his own small workgroup at home. Saying that, I have a test machine in my office which has it's own seperate internet connection, this is a workgroup computer also, so has no logon as such. I can replicate the same issues on this machine.
I have tried microsofts own VPN software and this all semes to work nicely allowing the user to 'log on' to the domain and this gives full domain access. You might wonder why we just don't use this, well the guy at the remote site does not want to use MS vpn software as it messes up his intent speed and his voip phone!
Hope this all makes sense? cheers, naexpert.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is a little info about split-tunneling: http://www.isaserver.org/tutorials/2004fixipsectunnel.html
ASKER
Hi Nvah247,
Thanks so much for this info, very interesting. I now understand the issues raised by having a client connected to the domain network AND also connected to a potentially unsafe web connection.
The scenario I have is that the user is working ffrom home and has a hardware firewall, and is aware of all the risks regarding the web. I think in this instance, a split tunnel would be very handy.
Incidently, why do you recommend the microsoft vpn over other software vendors vpn products?
Cheers, neaxpert.
Thanks so much for this info, very interesting. I now understand the issues raised by having a client connected to the domain network AND also connected to a potentially unsafe web connection.
The scenario I have is that the user is working ffrom home and has a hardware firewall, and is aware of all the risks regarding the web. I think in this instance, a split tunnel would be very handy.
Incidently, why do you recommend the microsoft vpn over other software vendors vpn products?
Cheers, neaxpert.
ASKER
This solution worked for us based on using Microsofts own vpn software.
Well... It seems to integrate better with Microsoft products. :)