Solved

ISA 2006 VPN + Active Directory Authentication

Posted on 2009-07-01
Last Modified: 2012-05-07
Hi,

We've been testing ISA 2006 for VPN access. It's currently installed, and authenticating VPN connections against a RADIUS server.

We can add users to a setup VPN Security group to allow them access and that works great.

What I'd like to do though, is when someone logs into the VPN have it run their Active Directory login script, so they receive their mapped drives automatically.  

I've also noticed that when we try to map to UNC shares, it asks the user for their credentials. Is there any way to get the VPN connection to cache the login credentials and use them?

Hope this makes sense.

Thanks
Paul
Question by:pmason08
2 Comments
 

Accepted Solution

by:
pwindell earned 500 total points
ID: 24758375
When the users connect they need to be at the "Ctrl-Alt-Del" on their machine. They need to check the checkbox that says "Log on using Dialup Connection" and choose the correct VPN Connection. Their machines have to of course be Domain Members and they must be using Domain level user accounts. This might let their login scripts run, but if it doesn't then it just "ain't gonna happen". You will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs last after they are logged in.
Mapped drives, well, they are a thing of the past and you should get rid of them. Using Shortcuts based on the UNC path is 100 times better and more dependable. But if you feel you can't do without them, and the login scripts won't work, then you will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs after they are logged in. This batch file must first delete any mapped drive that might conflict, and then create the drives you want. If you don't do that it will generate errors (which will confuse the users) if they run the batch file manually after it has already mapped the drives.
I don't know about the second "prompt" for credentials; there are just too many different things that can cause that. But one thing I do know is that I would get rid of the RADIUS Server in a heartbeat and run the ISA as a Domain Member and allow it to authenticate the users against AD directly itself. This article might be a good read for you:
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
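
A batch file of the kind the accepted answer describes (delete any conflicting mapping first, then map) could look like the following. This is an added example, not part of the original post; the server name, share names, drive letters and log file name are placeholders.

```bat
@echo off
rem Added example: re-runnable drive mapping for the All Users Startup folder.
rem fileserver01.example.local, the share names and the drive letters are
rem placeholders; replace them with your own.
setlocal

set "LOG=%TEMP%\mapdrives.log"
echo [%DATE% %TIME%] mapping drives for %USERDOMAIN%\%USERNAME% > "%LOG%"

call :MapDrive H: "\\fileserver01.example.local\home\%USERNAME%"
call :MapDrive S: "\\fileserver01.example.local\shared"

endlocal
exit /b 0

:MapDrive
rem %1 = drive letter, %2 = UNC path (quoted).
rem Remove whatever is on this letter first so a manual re-run does not
rem fail with "local device name is already in use". Errors are ignored
rem because the letter is usually free.
net use %1 /delete /y >nul 2>&1

rem No /user or password argument: the mapping is made with the logged-on
rem domain account, so no credentials are stored in this file.
rem /persistent:no keeps a stale mapping from being restored at the next
rem logon, when the VPN may not be connected yet.
net use %1 "%~2" /persistent:no >nul 2>&1
if errorlevel 1 (
    echo FAILED %1 -^> %~2 >> "%LOG%"
) else (
    echo OK     %1 -^> %~2 >> "%LOG%"
)
exit /b 0
```

Output is sent to a log file rather than the console so users do not see error text if a share is unreachable.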
 

Expert Comment

by:mcse2007
ID: 24776896
I wouldn't go down this path of mapping network paths while connecting via VPN... it will only frustrate the user. Why? If the mapped drives are GBs in size, it will take time for the VPN client to even view the folders, let alone open a file. Try enabling offline files.

UNC path is also a tricky one and many admins get trapped on this. To overcome this, try running the ISA log report where you can see the on time traffic, then do a UNC path from any machine. From the report, watch which protocol is being requested (it is Microsoft something like that), then stop the log, create a rule using that protocol, then try again.


Question has a verified solution.
