vextor asked:

AD issue via OpenVPN on pfSense

Greetings and salutations.

I set up OpenVPN on my pfSense firewall and (almost) everything works well.
My problem is that when I try to access AD resources it prompts me for my full AD UID and password,
even though the workstation is on the domain and works fine when on the (non-VPN) network.
Typing in UID and password fails; typing in domain\UID and password fails.
I have to type in FQDN\UID and password... then everything works.
So I have to type in:
blat.net\johndoe
because blat\johndoe doesn't work????

I assume this is an AD issue, but it works fine in the network, just not via OpenVPN on pfSense.

So, here is my network setup:
192.168.12.0/24 : main network behind pfSense
192.168.12.1 : pfSense box 1.2.2 (LAN)
192.168.12.2 : Server 2003 (active directory) (SP2)
192.168.13.0/24 : VPN IP pool for remote VPN clients
192.168.13.100: workstation connected via VPN

From the VPN'ed workstation I can ping everything and get to internal network resources (workstations, servers).
Again, from local workstations there is no problem.

VPN client config:
client
dev tun
proto udp
remote blat.dyndns.net 1194
ping 10
resolv-retry 2
nobind
persist-key
persist-tun
ca ca.crt
cert openvpn1.crt
key openvpn1.key
ns-cert-type server
comp-lzo
pull
verb 1
ASKER CERTIFIED SOLUTION
aces4all2008
This solution is only available to members.
vextor (ASKER):
What do you mean by "everything"??
I tried to log into the workstation as FQDN\username;
that doesn't work. :-(
I log into the system with blat.local\johndoe,
VPN into the office, and I still can't use my network shares without having to log in.

I'm trying to avoid my users having to type in FQDN\username after they are logged in.
This is not an issue when using the Cisco VPN system (I just don't have $3k-5k to run it right now).

thanks
vextor (ASKER):

No one has any other ideas??
vextor (ASKER):

I enabled WINS on my domain, but I am still seeing the main problem of having to type in
domain-name\UID each time the users access the server.

So it's a little better that I don't need to type domain.local\UID,
but when logged into the system as a domain user I still have to type domain\UID.

thanks
Vex
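The symptom pattern in this thread (a credential prompt only over the VPN, FQDN\user working, domain\user working only after WINS was enabled) is what a Windows client shows when nothing on the VPN link tells it where the internal DNS and WINS servers are: it cannot find a domain controller through the AD SRV records, and NetBIOS broadcasts do not cross a routed tun link. The server-side OpenVPN fragment below is an added example, not text from the thread, from pfSense or from OpenVPN's own documentation, showing the directives that push those settings to Windows clients. It assumes the domain controller at 192.168.12.2 also runs the domain's DNS (and the WINS service once enabled) and that the AD DNS name is blat.local; where the lines go in the pfSense OpenVPN server page (its custom options box) is also an assumption.

```conf
# Added example: OpenVPN *server*-side directives pushed to Windows clients.
# Assumptions: 192.168.12.2 is the AD domain controller and also runs the
# domain's DNS and WINS services; the AD DNS name is blat.local.

# Route the internal LAN through the tunnel. The thread says ping already
# works, so some form of this line is presumably already in place.
push "route 192.168.12.0 255.255.255.0"

# Internal DNS first: lets the client locate DCs through the AD SRV records
# (_ldap._tcp.dc._msdcs.blat.local, _kerberos._tcp.blat.local), which Kerberos
# single sign-on needs instead of prompting for credentials.
push "dhcp-option DNS 192.168.12.2"

# DNS suffix so short names (\\server) resolve as server.blat.local.
push "dhcp-option DOMAIN blat.local"

# WINS server so the NetBIOS domain name (blat) resolves to a DC over the
# routed link; this is the part that enabling WINS on the domain improved.
push "dhcp-option WINS 192.168.12.2"

# NetBIOS node type 2 (p-node, WINS only): never fall back to broadcasts,
# which cannot cross a tun link anyway.
push "dhcp-option NBT 2"
```

After reconnecting the client, confirm the push took effect from the workstation: `nslookup -type=SRV _ldap._tcp.dc._msdcs.blat.local` should return the DC, and `nltest /dsgetdc:blat` should name a DC without error. If both succeed and a share still prompts, open it by FQDN (\\server.blat.local\share) rather than by IP address, so that Kerberos can build a service ticket for the name instead of falling back to NTLM.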
vextor (ASKER):

/me is sad there is no fix for this; thanks aces4all2008 for trying.
vextor (ASKER):

thanks for the info