Anestis Kozakis
asked on
Windows SBS 2011 Standard, VPN, and Connection Credentials
We have a client who currently has a VPN solution set up to connect via their mail server's external IP address.
Routing and Remote Access and Network Policy Server are set up.
There is a username and password combination that works when connecting to the VPN service, but it does not correspond to any AD account and I cannot find anywhere where this account information or credentials for it are stored on the server.
NPS is set up for access by the standard Windows SBS Remote Web Access security group, but trying to connect with an AD account that is in this group is not successful.
So, we want to enable AD account authentication so that people can use their own AD accounts to log in instead of creating a separate userid and password (as seems to be the current setup), as well as the ability to access shared folders they have access to on the server.
Any and all help is appreciated.
Logging in through AD credentials is not most secured and preferred way, it takes out all the hassle, and keeps everything in one place....single sign on....
ASKER
You didn't answer my questions. This was no help at all.
You should use AD authentication.
Please clarify your question.
ASKER
The question is clear.
First - where are the current credentials that are being used stored if they are not stored in AD, as we want to remove them from being used.
Second: We want to enable AD access via VPN for staff. How do we do this?
Re-read your comment above as you contradicted yourself. You said AD Authentication was not secure, then you said Single Sign on was best implying AD authentication was the best solution. You need to make your comments clearer.
Your comment : "Logging in through AD credentials is not most secured and preferred way"
It is obvious to me that even though your SBS has been configured to handle VPN it is not doing so.
As David suggested, it is most likely being handled by another device -- your firewall (i.e., SonicWall or other VPN-capable firewall).
I would think that when someone is connected to the VPN -- your SBS's RRA console still shows all VPN ports as inactive (as shown below).
ASKER
Turns out VPN was set up using the WatchGuard device.
We were able to set it up to use RADIUS instead with authentication through to the AD server.
ASKER
See above. Original VPN accounts were set up on the gateway device.
The gateway device is now using RADIUS with AD authentication back to AD server.