DFS namespace over RADIUS authentication through a Cisco ASA 5510
I have the following scenario:
(1) Cisco ASA 5510 configured to use RADIUS auth on the VPN settings, and its pointed to a Windows 2003 Enterprise Domain Controller, which handles AD services.
We set the Dial-in setting on the user account properties in ADUC to "allow" -- this accomplishes the VPN allow/deny requirement.
what doesnt work over VPN, is the DFS namespace, so shares can only be mapped with the NetBIOS UNC syntax. which isnt a big deal, but an annoyance.
The DFS namespace server, by the way, is a Windows 2008 Standard R2 box.
ideas? suggestions?
(1) Cisco ASA 5510 configured to use RADIUS auth on the VPN settings, and its pointed to a Windows 2003 Enterprise Domain Controller, which handles AD services.
We set the Dial-in setting on the user account properties in ADUC to "allow" -- this accomplishes the VPN allow/deny requirement.
what doesnt work over VPN, is the DFS namespace, so shares can only be mapped with the NetBIOS UNC syntax. which isnt a big deal, but an annoyance.
The DFS namespace server, by the way, is a Windows 2008 Standard R2 box.
ideas? suggestions?
Felix Leven
Are you sure the nameresolution of the connected clients is not a problem (internal/external DNS-Server used). All namespaces and servers needed to access the dfs share can be resolved from the client ?
ASKER
@MrGraves
i'm not certain i follow the first sentence? can you elaborate some more? as for the second sentence, if you mean the remote client over VPN, then the share can only be accessed via the UNC syntax. Internally the DFS namespace works, over VPN, no.
what am i missing?
i'm not certain i follow the first sentence? can you elaborate some more? as for the second sentence, if you mean the remote client over VPN, then the share can only be accessed via the UNC syntax. Internally the DFS namespace works, over VPN, no.
what am i missing?
When the VPN client ist connected, can you ping on this VPN connected client the DNS-Names of the AD server and the DFS-Server ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@mrGraves
I'm pretty sure we have only the most basic ports open on the ASA. That I need to check
I'm pretty sure we have only the most basic ports open on the ASA. That I need to check