Solved

Sonicwall SSLVPN2000 issue.

Posted on 2009-04-18
Last Modified: 2012-05-06
I have a sonicwall integrated with AD and it requires users to type a password before accessing the shares when they are already logged into the device and in the correct domain! I have done this before on numerous networks and once I get my bookmarks correctly configured (just like I did this one [I think]) the device allows users to access the shares (that they have permissions to on the network) without problems.
Does anyone know what I might have missed in this configuration?  I don't want this double authentication and my users can't stand it either.
SonicwallSSL2000-Configuration.pdf
Question by:oliverwari
14 Comments
 

Author Comment

by:oliverwari
ID: 24183483
Hi Experts,
I am still hoping that someone has come across a similar fix and probably has a solution.
 
LVL 1

Accepted Solution

by:
TheAnimaniac earned 2000 total points
ID: 24208209
Do you have single sign on enabled?
Did you use an FQDN domain name instead of the old NetBIOS-style domain name in the domain configuration options?
Did you fill in the IP address of a Global Catalog server in the domain configuration options?
What firmware version are you running and are you able to upgrade if necessary?
 

Author Comment

by:oliverwari
ID: 24208656
I recently changed the Global Catalog server on this network so that might be something to look at.
 

Author Comment

by:oliverwari
ID: 24240717
I have checked my server configurations and nothing looks out of place. Remember that it uses the VPN credentials to RDP into the workstations just fine but requires re-entering of the credentials before accessing the network shares.  Thought it may have something to do with file permissions but I obtain the same results when using the admin account!
 
LVL 1

Expert Comment

by:TheAnimaniac
ID: 24241513
Might it be a time-related issue?
When you log on to an RDP session, time is not an issue, but when you log on to a share, time (your Kerberos ticket) is an issue.
 

Author Comment

by:oliverwari
ID: 24243947
Just checked and the time is correct...on the SSL-VPN. Will check the servers later to be sure all looks good.  From previous experience, when the time is wrong on the SSL-VPN, it won't even authenticate the login into the device using AD.  This is not a problem in this case.
I even configured the SSL-VPN to log in using custom credentials and I typed in valid credentials and it still pops up that annoying logon screen when a share is being accessed.
 
LVL 1

Expert Comment

by:TheAnimaniac
ID: 24392295
Is it perhaps a DFS share? We've had trouble with DFS shares. So we're directing our sonicwall share access to one dedicated fileserver share.
 

Author Comment

by:oliverwari
ID: 24393406
It is not a DFS share.  However, I agree with you that it is a share level issue and not a sonicwall issue. I just picked a different server and created a share just to test the issues. Referenced a bookmark on the sonicwall to the new share and checked permissions. Now it works alright from the sonicwall when I log in as the AD administrator but NOT when I log in as any domain user or any other user who belongs to the domain admin group!!  I have set up more than 4 different sslvpns on different networks since I posted this problem here on EE and they all work without issues.
 
LVL 1

Assisted Solution

by:TheAnimaniac
TheAnimaniac earned 2000 total points
ID: 24393906
Are the local admin pw and the domain admin pw the same? If so, are you able to test with a changed local admin pw on the affected server and see what that does?
 

Author Comment

by:oliverwari
ID: 24398518
I am not sure what you mean but all authentication is via AD into the device and on the network.  I do log in locally into the device when changing configurations but then I log in via AD for testing.
 
LVL 1

Assisted Solution

by:TheAnimaniac
TheAnimaniac earned 2000 total points
ID: 24398815
You are authenticated through AD but your credentials are passed to the device you are connecting to, in this case a file share. I am suggesting you make sure the local admin pw on the server which hosts the file share and the pw of the domain administrator are different. To test if there is a flaw in the authentication process. I just want to know because the user "administrator" is known locally on the server and the other users, members of the group "domain admins", aren't.
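
Added example (not part of the thread): one way to confirm on the file server what this test probes, namely whether a share logon was accepted for a local account rather than the domain account. It assumes Security-log event 4624 records exported as XML from a Windows Server 2008 or later file server; the host FS01, domain CORP, user names and addresses are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: three successful logons (event 4624) in the shape of an
# XML export of a file server's Security log. Every name and address is made up.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4624</EventID><Computer>FS01.corp.example</Computer></System>
<EventData><Data Name="TargetUserName">Administrator</Data>
<Data Name="TargetDomainName">FS01</Data><Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="IpAddress">192.0.2.10</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4624</EventID><Computer>FS01.corp.example</Computer></System>
<EventData><Data Name="TargetUserName">jdoe</Data>
<Data Name="TargetDomainName">CORP</Data><Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">Kerberos</Data>
<Data Name="IpAddress">192.0.2.10</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4624</EventID><Computer>FS01.corp.example</Computer></System>
<EventData><Data Name="TargetUserName">jdoe</Data>
<Data Name="TargetDomainName">CORP</Data><Data Name="LogonType">10</Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="IpAddress">192.0.2.10</Data></EventData></Event>
</Events>"""

def classify_share_logons(xml_text):
    """Return one dict per network logon, tagged as a local or domain account."""
    results = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = ev.findtext("e:System/e:EventID", default="", namespaces=NS)
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        # LogonType 3 is a network logon (share access); 10 is RDP and is skipped.
        if eid != "4624" or data.get("LogonType") != "3":
            continue
        # For a local (SAM) account the logon domain is the server's own name.
        host = ev.findtext("e:System/e:Computer", default="", namespaces=NS).split(".")[0]
        domain = data.get("TargetDomainName", "")
        results.append({
            "user": domain + "\\" + data.get("TargetUserName", ""),
            "source": data.get("IpAddress", ""),
            "package": data.get("AuthenticationPackageName", ""),
            "scope": "local" if domain.lower() == host.lower() else "domain"})
    return results

if __name__ == "__main__":
    for row in classify_share_logons(SAMPLE_XML):
        print(row)
```

A row with scope "local" for the administrator account means the share accepted the server's own account, so a working administrator logon says nothing about whether the AD credentials were honoured.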
 

Author Comment

by:oliverwari
ID: 24404129
Great input. I changed the local admin password on the server with the new share I created for testing purposes and now it won't let that account access the share without a second authentication either. Problem is not yet solved though, but we now know that the administrator account wasn't working with AD credentials - thanks.
 

Author Comment

by:oliverwari
ID: 24482773
When the option to "Use File Shares Java Applet" is checked, the access to the shares works fine without any further authentication of the logged in user.
Will be closing this ticket when I come back here unless someone can help me with the solution of getting the access to the shares without using the Java Applet.
 

Author Closing Comment

by:oliverwari
ID: 31571787
It is clearly a share permissions issue on the domain. The Java Applet works great so I am closing the case.
Question has a verified solution.
