Solved

ISA 2006 VPN + Active Directory Authentication

Posted on 2009-07-01
Last Modified: 2012-05-07
Hi,

We've been testing ISA 2006 for VPN access. It's currently installed, and authenticating VPN connections against a RADIUS server.

We can add users to a setup VPN Security group to allow them access and that works great.

What I'd like to do though, is when someone logs into the VPN have it run their Active Directory login script, so they receive their mapped drives automatically.  

I've also noticed that when we try to map to UNC shares, it asks the user for their credentials. Is there any way to get the VPN connection to cache the login credentials and use them?

Hope this makes sense.

Thanks
Paul
Question by:pmason08

Accepted Solution

by: pwindell earned 500 total points
ID: 24758375
When the users connect they need to be at the "Ctrl-Alt-Del" on their machine. They need to check the checkbox that says "Log on using Dialup Connection" and choose the correct VPN Connection. Their machines have to of course be Domain Members and they must be using Domain level user accounts. This might let their login scripts run, but if it doesn't then it just "ain't gonna happen". You will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs last after they are logged in.
Mapped drives... well, they are a thing of the past and you should get rid of them. Using Shortcuts based on the UNC path is 100 times better and more dependable. But if you feel you can't do without them, and the login scripts won't work, then you will have to use a Batch file that is "shortcutted" into the Startup "folder" of the All Users Profile of the Start Menu so that it runs after they are logged in. This batch file must first delete any mapped drive that might conflict, and then create the drives you want. If you don't do that it will generate errors (which will confuse the users) if they run the batch file manually after it has already mapped the drives.
I don't know about the second "prompt" for credentials; there are just too many different things that can cause that. But one thing I do know is that I would get rid of the RADIUS Server in a heartbeat and run the ISA as a Domain Member and allow it to authenticate the users against AD directly itself. This article might be a good read for you:
Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html
 
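A sketch of the batch file the accepted answer describes (delete any conflicting mapping, then map), added here as an example and not part of pwindell's post. The server name `fileserver01`, the share names, the drive letters and the log path are placeholders.

```batch
@echo off
rem Added example: idempotent drive mapping for the All Users Startup folder.
rem Assumption: fileserver01, the shares and the drive letters are placeholders.
setlocal

set "LOG=%TEMP%\vpn-drive-map.log"
echo [%DATE% %TIME%] mapping drives for %USERDOMAIN%\%USERNAME% > "%LOG%"

set FAILED=0
call :MapDrive H: "\\fileserver01\home\%USERNAME%"
call :MapDrive S: "\\fileserver01\shared"

rem Non-zero exit code if any mapping failed, so a wrapper can react to it.
exit /b %FAILED%

:MapDrive
rem %1 = drive letter, %2 = quoted UNC path.
rem Drop whatever is already on this letter. Output is suppressed so that
rem running the script a second time shows the user no errors.
net use %1 /delete /y >nul 2>&1

rem No user name or password is passed: the mapping uses the logged-on
rem domain account, so no credentials are stored in this file.
rem /persistent:no keeps Windows from trying to reconnect the drive at the
rem next logon, before the VPN is up.
net use %1 %2 /persistent:no >nul 2>>"%LOG%"
if errorlevel 1 (
    echo FAILED %1 %2 >> "%LOG%"
    set FAILED=1
) else (
    echo OK     %1 %2 >> "%LOG%"
)
goto :eof
```

Failures are written to the log file instead of the console, which keeps the error text away from the user while leaving the administrator something to check.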
 

Expert Comment

by:mcse2007
ID: 24776896
I wouldn't go this path, mapping network paths while connecting via VPN... it will only frustrate the user. Why? If the mapped drives are GB in size, it will take time for the VPN client to even view the folders, let alone open a file. Try enabling offline files.

UNC path is also a tricky one and many admins get trapped on this. To overcome this, try running the ISA log report where you can see the on time traffic, then do a UNC path from any machine. From the report, watch which protocol is being requested (it is Microsoft something like that), then stop the log, create a rule using that protocol, then try again.