• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 880
  • Last Modified:

DFS namespace over RADIUS authentication through a Cisco ASA 5510

I have the following scenario:

(1) Cisco ASA 5510 configured to use RADIUS auth on the VPN settings, and its pointed to a Windows 2003 Enterprise Domain Controller, which handles AD services.

We set the Dial-in setting on the user account properties in ADUC to "allow" -- this accomplishes the VPN allow/deny requirement.

what doesnt work over VPN, is the DFS namespace, so shares can only be mapped with the NetBIOS UNC syntax.  which isnt a big deal, but an annoyance.

The DFS namespace server, by the way, is a Windows 2008 Standard R2 box.

ideas? suggestions?
  • 3
  • 2
1 Solution
Felix LevenCommented:
Are you sure the nameresolution of the connected clients is not a problem (internal/external DNS-Server used). All namespaces and servers needed to access the dfs share can be resolved from the client ?

kapshureAuthor Commented:

i'm not certain i follow the first sentence? can you elaborate some more? as for the second sentence, if you mean the remote client over VPN, then the share can only be accessed via the UNC syntax. Internally the DFS namespace works, over VPN, no.

what am i missing?
Felix LevenCommented:
When the VPN client ist connected, can you ping on this VPN connected client the DNS-Names of the AD server and the DFS-Server  ?
Felix LevenCommented:
If NetbiosBios works, LDAP open for VPN-Users ?

Distributed File System
The Distributed File System (DFS) integrates disparate file shares that are located across a local area network (LAN) or wide area network (WAN) into a single logical namespace. The DFS service is required for Active Directory domain controllers to advertise the SYSVOL shared folder.

System service name: Dfs

Application protocol/Protocol/Ports
NetBIOS Datagram Service/UDP/138
NetBIOS Session Service/TCP/139

LDAP Server/TCP/389
LDAP Server/UDP/389



Randomly allocated high TCP ports┬╣


random port number between 1024 - 65535
random port number between 49152 - 65535┬▓

More Port documentation:
kapshureAuthor Commented:

I'm pretty sure we have only the most basic ports open on the ASA. That I need to check

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now