Link to home
Start Free TrialLog in
Avatar of Anestis Kozakis
Anestis KozakisFlag for Australia

asked on

Windows SBS 2011 Standard, VPN, and Connection Credentials

We have a client who currently has a VPN solution setup to connect via their mail server's external IP address.

Routing and remote Access and Network Policy Server are setup.

There is a username and password combination that works when connecting to the VPN service, but it does not correspond to any AD account and I cannot find anywhere where this account information or credentials for it are stored on the server.

NPS is setup for access by the standard Windows SBS Remote Web Access security group, but trying to connect with an AD account that is in this group  is not successful.

Do, we want to enable AD account authentication so that people can use their own AD accounts to login instead of creating a separate userid and password (as seems to be the current setup), as well as the ability to access shared folders they have access to on the server.

Any and all help is appreciated.
Avatar of Leo
Leo
Flag of Australia image

Logging in through AD credentials is not most secured and preferred way, it takes out all the hassle, and keeps everything in one place....single sign on....
Avatar of Anestis Kozakis

ASKER

You didn't answer my questions.  This was no help at all.
you should use AD authentication.
Please clarify your question.
The question is clear.

First - where is the current credentials that are being used stored if they are not stored in AD, as we want to remove them from being used.

Second: We want to enabled AD access via VPN for staff.  How do we do this?

Re-read your comment above as you contradicted yourself.  You said AD Authentication was not secure, then you said Single Sign on was best implying AD authentication was the best solution.  You need to make your comments clearer.

Your comment : "Logging in through AD credentials is not most secured and preferred way"
ASKER CERTIFIED SOLUTION
Avatar of David Atkin
David Atkin
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
It is obvious to me that even though your SBS has been configured to handle VPN it is not doing so.  

As David suggested, it is most likely being handled by another device -- your firewall (ie, SonicWall or other VPN-capable firewall).

I would think that when someone is connected to the VPN -- your SBS's RRA console still shows all VPN ports as inactive (as shown below).

User generated image
Turns out VPN was setup using the WatchGuard device.
We were able to set it up to use RADIUS instead with authentication through to the AD server.
See above.  Original VPN accounts were setup on the gateway device.
The gateway device is now using RADIUS with AD authentication back to AD server.